Details
-
Story
-
Resolution: Unresolved
-
Critical
-
None
-
None
-
1
-
False
-
None
-
False
-
SECFLOWOTL-129 - Better Error Handling for Non-Critical Issues in Namespace Installations by operator
-
The current jira tracks a fix for when the rolebinding pipelines-scc-rolebinding is deleted or missing, Tektonconfig controller should keep reconciling
-
Pipelines Sprint 261 TekShift, Pipelines Sprint TekShift 262
Description
// Now we're left with namespaces that have already been reconciled. // We must make sure that the default SCC is in force via the ClusterRole. sccRoleBinding, err := r.kubeClientSet.RbacV1().RoleBindings(ns.Name).Get(ctx, pipelinesSCCRoleBinding, metav1.GetOptions{}) if err != nil { return nil, err }
in this section, we return an error if a "reconciled" namespace does not have the `pipelines-scc-rolebinding` - this acts as a verification and this errors leads to a false tektonconfig and a blocked reconcile loop stuck in a loop and hence a broken operator installation.
piyushgarg001 has suggested that in this code snippet if the rolebinding does not exist, we should add the namespace back to reconciliation instead of bluntly returning the error - this will help in not-blocking the operator.
Attachments
Issue Links
- is depended on by
-
RFE-5304 Add namespace name in the error message related to `pipelines-scc-rolebinding` in pipelines operator pod logs
-
- Backlog
-
-
SRVKP-4343 Fix "pipelines-scc-rolebinding" missing errors
-
- In Progress
-
- links to