Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-1937

Deleting a QuayRegistry does not work. Operator SA has too few permissions

XMLWordPrintable

      When deleting a QuayRegistry that the operator set up the operator gets called because of the finalizer in the QuayRegistry resource.

      However the Operator's Service Account doesn't have permission to list namespaces which results in this error looping:

      2021-04-28T20:56:13.108Z INFO controllers.QuayRegistry `QuayRegistry` to be deleted {"quayregistry": "quay-wk/quay"}
      2021-04-28T20:56:13.108Z INFO controllers.QuayRegistry cleaning up namespace labels
      E0428 20:56:13.112234 1 reflector.go:153] sigs.k8s.io/controller-runtime/pkg/cache/internal/informers_map.go:224: Failed to list *v1.Namespace: namespaces is forbidden: User "system:serviceaccount:quay-wk:quay-operator" cannot list resource "namespaces" in API group "" at the cluster scope
      E0428 20:56:14.114435 1 reflector.go:153] sigs.k8s.io/controller-runtime/pkg/cache/internal/informers_map.go:224: Failed to list *v1.Namespace: namespaces is forbidden: User "system:serviceaccount:quay-wk:quay-operator" cannot list resource "namespaces" in API group "" at the cluster scope

        1. quay_operator_cluster_3.5.2_pod.logs
          47 kB

              rhn-coreos-amerdler Alec Merdler (Inactive)
              wkulhanek Wolfgang Kulhanek
              luffy zhang luffy zhang
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: