Continuous errors when there are no CSRs present
Closed this issue · 4 comments
The container logs an error each second, when there are no CSRs present.
<...>
E0919 09:03:26.669701 1 reflector.go:315] github.com/proofpoint/kapprover/kapprover/kapprover.go:120: Failed to watch *v1beta1.CertificateSigningRequest: unknown (get certificatesigningrequests.certificates.k8s.io)
E0919 09:03:27.671919 1 reflector.go:315] github.com/proofpoint/kapprover/kapprover/kapprover.go:120: Failed to watch *v1beta1.CertificateSigningRequest: unknown (get certificatesigningrequests.certificates.k8s.io)
E0919 09:03:28.676251 1 reflector.go:315] github.com/proofpoint/kapprover/kapprover/kapprover.go:120: Failed to watch *v1beta1.CertificateSigningRequest: unknown (get certificatesigningrequests.certificates.k8s.io)
E0919 09:03:29.677922 1 reflector.go:315] github.com/proofpoint/kapprover/kapprover/kapprover.go:120: Failed to watch *v1beta1.CertificateSigningRequest: unknown (get certificatesigningrequests.certificates.k8s.io)
It successfully approves them and deletes them afterwards, once they are created.
It's not a bug for the functionality, just these errors could be suppressed or handled.
Facing the same issue.
Hi @audriusb
Thanks for reporting the bug. can you check RBAC and see if it has permissions to "watch" setup. If not can you please add it and see if you are still able to reproduce the issue after that.
- apiGroups: ["certificates.k8s.io"]
resources: ["certificatesigningrequests" ]
verbs: ["get", "list", "delete"]
Hi @rajatjindal
The solution works just fine. It gets and approves the CSRs, just when there's no CSRs it floods those errors. I wouldn't mind that much, but I'm directing all of it to elasticsearch and this is just trash in my logs.
For know, I used a workaround to redirect stderr to /dev/null, hoping that no real errors are suppressed.
Updated the sample RBAC to include the missing "watch" permission. Please update your RBAC to match the example in release 0.7.0.