OpenShift kubesphere resource finalizers

Question

OpenShift kubesphere resource finalizers

Closed this issue 2 years ago · 2 comments

In OpenShift the cluster role needs to have finalizers included for subresource (in addition the the status which is already there), otherwise the operator will throw RBAC related errors like the below and fail to deploy components.

2022-05-11T21:43:53.800Z	ERROR	controller-runtime.controller	Reconciler error	{"controller": "ruler", "request": "kubesphere-events/kube-events-ruler", "error": "serviceaccounts \"kube-events-ruler\" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: , <nil>"}

ie. need to add <resource>/finalizers

- apiGroups:
  - events.kubesphere.io
  resources:
  - exporters/status
  - exporters/finalizers
  verbs:
  - get
  - patch
  - update
- apiGroups:
  - events.kubesphere.io
  resources:
  - rulers/status
  - rulers/finalizers
  verbs:
  - get
  - patch
  - update
- apiGroups:
  - events.kubesphere.io
  resources:
  - rules/status
  - rules/finalizers
  verbs:
  - get
  - patch
  - update

I've updated manually, but would be nice to add for others who will deploy this on OCP. Thanks!

Answer 1 · 2022-05-12T02:55:21.000Z

@ctrought welcome you to submit your update for compatibility with OCP if you're insterested

Answer 2 · 2022-05-30T03:27:55.000Z

Completed in #37