Loading...

XML

Word

Printable

Type: Bug
Resolution: Cannot Reproduce
Priority: Undefined
Fix Version/s: None
Affects Version/s: 4.12.0
Component/s: OLM
Labels:
None

Release Blocker:
Rejected
Blocked:
False
Release Note Text:
undefined

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Description

kiali-operator sometimes fails to start or takes too long time (more than 10min).
The CSV says the RBAC is not satisfied as below:

apiVersion: operators.coreos.com/v1alpha1
kind: ClusterServiceVersion

  name: kiali-operator.v1.24.9

  - dependents:
    - group: rbac.authorization.k8s.io
      kind: PolicyRule
      message: cluster rule:{"verbs":["create","delete","get","list","patch","update","watch"],"apiGroups":[""],"resources":["configmaps","endpoints","events","persistentvolumeclaims","pods","serviceaccounts","services","services/finalizers"]}
      status: NotSatisfied
      version: v1
    - group: rbac.authorization.k8s.io
      kind: PolicyRule
      message: cluster rule:{"verbs":["get","list","patch"],"apiGroups":[""],"resources":["namespaces"]}
      status: NotSatisfied
      version: v1

  ... cont ...

olm-operator pod also says that.

time="2021-08-22T01:09:54Z" level=info msg="couldn't ensure RBAC in target namespaces" csv=kiali-operator.v1.24.9 error="no owned roles found" id=nDxqz namespace=openshift-operators phase=Pending

You can se the full olm-operator.log in https://gcsweb-ci.apps.ci.l2s4.p1.openshiftapps.com/gcs/origin-ci-test/logs/periodic-ci-openshift-knative-serverless-operator-main-4.8-aws-ovn-e2e-aws-ovn-ocp-48-continuous/1429232049155215360/artifacts/e2e-aws-ovn-ocp-48-continuous/gather-extra/artifacts/pods/openshift-operator-lifecycle-manager_olm-operator-5ddc6d8588-mdskb_olm-operator.log

Step to reproduce

Just apply the following Subscription

apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
 name: jaeger-product
 namespace: openshift-operators
spec:
 channel: stable
 name: jaeger-product
 installPlanApproval: Automatic
 source: redhat-operators
 sourceNamespace: openshift-marketplace
---
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
 name: kiali-ossm
 namespace: openshift-operators
spec:
 channel: stable
 name: kiali-ossm
 installPlanApproval: Automatic
 source: redhat-operators
 sourceNamespace: openshift-marketplace
---
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
 name: servicemeshoperator
 namespace: openshift-operators
spec:
 channel: stable
 name: servicemeshoperator
 installPlanApproval: Automatic
 source: redhat-operators
 sourceNamespace: openshift-marketplace

The issue happens on our CI. So you can find the logs including must-gather from https://prow.ci.openshift.org/view/gs/origin-ci-test/logs/periodic-ci-openshift-knative-serverless-operator-main-4.8-aws-ovn-e2e-aws-ovn-ocp-48-continuous/1429232049155215360

Additional note

I wondered this is an OLM issue, but the failure always happens on only kiali.

As you can see above subscription, jaeger and servicemesh operator are deployed at the same time but they do not hit this issue.

relates to

OCPBUGS-1591 openshift-special-resource-operator CSV is stuck in Pending due to missing ServiceAccount

Closed

Assignee:: Unassigned

Reporter:: Kenjiro Nakayama (Inactive)

Votes:: 1 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 2021/08/23 8:31 AM

Updated:: 2022/10/14 3:28 PM

Resolved:: 2022/10/14 3:28 PM

Details

Description

Description

Step to reproduce

Additional note

Attachments

Issue Links

Activity

People

Dates