Port permissions error on install attempt

Question

Port permissions error on install attempt

mrhillsman opened this issue 4 years ago · 5 comments

Describe the bug
Unable to install the operator in OpenShift 4.6

After creating the subscription, Istio pods are crashing with the following issue:

{"level":"error","ts":1596832528.4924417,"logger":"entrypoint","msg":"unable to run the manager","error":"listen tcp :443: bind: permission denied","stacktrace":"github.com/banzaicloud/istio-operator/vendor/github.com/go-logr/zapr.(*zapLogger).Error\n\t/go/src/github.com/banzaicloud/istio-operator/vendor/github.com/go-logr/zapr/zapr.go:128\nmain.main\n\t/go/src/github.com/banzaicloud/istio-operator/cmd/manager/main.go:107\nruntime.main\n\t/usr/local/go/src/runtime/proc.go:201

Steps to reproduce the issue:
Install OpenShift 4.6
Install Istio operator

Version-Release number of selected component (if applicable):
Istio Operator 0.1.6
OCP 4.6.0-0.nightly-2020-08-10-080046

Actual results:
Unable to install Istio Operator

Expected results:
Should be able to install Istio Operator

Note:
The fix can be as easy as just changing the port to 9443 and use the service targetPort 443 or can be complicated as some of the examples here https://github.com/acmenezes/linux-capabilities-in-openshift.

Answer 1 · 2020-09-02T09:33:35.000Z

Hi,

The docker image version 0.1.6 is really old, do you still have the issue with 0.7.1 (for Istio 1.7) or 0.6.12 (for Istio 1.6)?

Answer 2 · 2020-09-07T00:59:27.000Z

Great to hear, the package for the operator needs to be updated to reflect the change: https://github.com/operator-framework/community-operators/tree/master/upstream-community-operators/istio

You can see from the clusterserviceversion the current image:
https://github.com/operator-framework/community-operators/blob/master/upstream-community-operators/istio/0.1.6/istio-operator.0.1.6.clusterserviceversion.yaml#L61
https://github.com/operator-framework/community-operators/blob/master/upstream-community-operators/istio/0.1.6/istio-operator.0.1.6.clusterserviceversion.yaml#L427

Installation is being done from here https://operatorhub.io/operator/istio

Answer 3 · 2020-09-07T11:57:24.000Z

We support and recommend Istio operator installation by Helm, Kustomize and Backyards. We frequently release new operator versions and always keep these aforementioned installation methods up-to-date with the new versions.

We cannot really keep up-to-date with the operatorhub Istio operator version because we don't control the release process there and the version update PRs may be merged later when that version is already outdated.

So I can only recommend the above mentioned installation methods to install the operator.

Answer 4 · 2020-09-08T14:48:28.000Z

Would you like for us to remove the operator from the hub in this case?

Answer 5 · 2020-09-08T16:02:06.000Z

Yes, please feel free to remove it, it was more of a pain then a benefit to our users. Could you remove all the other operators we have once published but gave up maintaining the operator hub updates?