Uploaded image for project: 'OpenShift Service Mesh'
  1. OpenShift Service Mesh
  2. OSSM-8875

Kiali operator fails to install with RBAC permission errror.

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Undefined Undefined
    • OSSM 2.6.6
    • OSSM 2.6.3
    • Kiali
    • None

      Issue:

      Kiali operator installed successfully but Kiali CRD failed with the below error:
      ~~~
      Failed to create object: b'{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"roles.rbac.authorization.k8s.io \\"kiali-controlplane
      " is forbidden: user \\"system:serviceaccount:openshift-operators:kiali-operator
      " (groups=\\"system:serviceaccounts\\" \\"system:serviceaccounts:openshift-operators\\" \\"system:authenticated\\") is attempting to grant RBAC permissions not currently held:
      n

      {APIGroups:[\\"\\"], Resources:[\\"secrets\\"], ResourceNames:[\\"cacerts\\"], Verbs:[\\"get\\"]}


      n

      {APIGroups:[\\"\\"], Resources:[\\"secrets\\"], ResourceNames:[\\"istio-ca-secret\\"], Verbs:[\\"get\\"]}

      ","reason":"Forbidden","details":

      {"name":"kiali-controlplane","group":"rbac.authorization.k8s.io","kind":"roles"}

      ,"code":403}\n'
      ~~~

      Affected Versions:

      • I observe this issue on the below versions:
      • OCP 4.14.40
      • OCP 4.15.x

      Workaround:

      • Patching the Kiali CRD to disable the spec.kiali_feature_flags.certificates_information_indicators
        ~~~
        kubectl patch kiali kiali -n istio-system --type=merge -p '{ "spec": {"kiali_feature_flags": {"certificates_information_indicators": {"enabled": false}}}}'
        ~~~

              Unassigned Unassigned
              rhn-support-suc SUYAMBULINGAM C
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: