-
Bug
-
Resolution: Duplicate
-
Undefined
-
None
-
None
-
None
-
False
-
None
-
False
-
-
Description of problem:
On a fresh Openshift Gitops install, openshift-gitops-server-xxx pods throw errors like :
reflector.go:138] pkg/mod/k8s.io/client-go@v0.24.2/tools/cache/reflector.go:167: Failed to watch *v1alpha1.ApplicationSet: failed to list *v1alpha1.ApplicationSet: applicationsets.argoproj.io is forbidden: User "system:serviceaccount:openshift-gitops:openshift-gitops-argocd-server" cannot list resource "applicationsets" in API group "argoproj.io" in the namespace "openshift-gitops"
appset is missing in the role managed by the controller
rules: - apiGroups: - '*' resources: - '*' verbs: - get - patch - delete - apiGroups: - "" resources: - secrets - configmaps verbs: - create - get - list - watch - update - patch - delete - apiGroups: - argoproj.io resources: - applications - appprojects verbs: - create - get - list - watch - update - delete - patch - apiGroups: - "" resources: - events verbs: - create - list
Prerequisites (if any, like setup, operators/versions):
Steps to Reproduce
Deploy Openshift Gitops ; reproduced on v1.9 to 1.11
Actual results:
Missing permissions for openshift-gitops-argocd-server sa, errors in logs.
Expected results:
openshift-gitops-argocd-server sa should have all needed permissions out of the box
Upstream, role is ok : https://github.com/argoproj/argo-cd/blob/v2.9.2/manifests/base/server/argocd-server-role.yaml
Reproducibility (Always/Intermittent/Only Once):
Always
*
- duplicates
-
GITOPS-3762 Expand argocd-server permissions to manage applicationsets
-
- Closed
-
