forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on #807
Comments
|
@thinkahead nobody appears to have this issue with the operator. My sense is that you have not shared some important context or information that we require. If you're deploying a PPC64le function, then your build cannot be official which means you are likely outside the realms of what we can support via the GitHub issue tracker, and free goodwill. If you can reproduce this issue with the official container builds of openfaas then please do update your issue. I'll close this, but if we hear from you, we could consider re-opening. You can get enterprise support and consulting time from us at https://openfaas.com/support/ |
|
@alexellis This is still the issue. Solved by adding To the operator role, but this is just a temporary solution. We have to figure out the full set of required permissions as not everywhere we have ClusterAdmin permission :) |
|
Would you like to send a PR please @vkryzh ? |
|
Role and ClusterRole: https://github.com/openfaas/faas-netes/blob/master/chart/openfaas/templates/operator-rbac.yaml As per community call, it seems like
|
Fixes: #807 Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
Get the following error when deploying a function on OpenShift in the gateway operator log when installed with --set operator.create=true.
I0617 14:46:13.705793 1 controller.go:254] Creating deployment for 'hello'
I0617 14:46:13.705865 1 deployment.go:152] Function hello: no profiles specified
I0617 14:46:13.705875 1 deployment.go:162] Function hello: Applying profiles []
E0617 14:46:13.738073 1 controller.go:206] error syncing 'openfaas-fn/hello': deployments.apps "hello" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: ,
W0617 14:46:15.723742 1 list.go:51] Function listing getReplicas error: deployment.apps "hello" not found
Expected Behaviour
The hello function should get executed in the openfaas-fn namespace
Current Behaviour
This cause the:
W0617 13:06:14.666512 1 list.go:51] Function listing getReplicas error: deployment.apps "hello" not found
BTW, it works fine if I install the helm chart without the operator. i.e. --set operator.create=false
Are you a GitHub Sponsor (Yes/No?)
Currently testing on ppc64le
Check at: https://github.com/sponsors/openfaas
List All Possible Solutions and Workarounds
https://sdk.operatorframework.io/docs/faqs/#after-deploying-my-operator-why-do-i-see-errors-like-is-forbidden-cannot-set-blockownerdeletion-if-an-ownerreference-refers-to-a-resource-you-cant-set-finalizers-on-
It probably requires adding the rule with some specific resource/finalizer to openfaas-operator-rw role in openfaas-fn namespace or openfaas-operator-controller clusterrole. It works with the rule below added:
Also separately, the
component: openaas-operatorshould be changed tocomponent: openfaas-operatorin the templatehttps://github.com/openfaas/faas-netes/blob/master/chart/openfaas/templates/operator-rbac.yaml#L113
Which Solution Do You Recommend?
Steps to Reproduce (for bugs)
Context
Your Environment
FaaS-CLI version ( Full output from:
faas-cli version):latest development version
Docker version
docker version(e.g. Docker 17.0.05 ):What version and distriubtion of Kubernetes are you using?
kubectl versionClient Version: 4.6.23
Server Version: 4.6.23
Kubernetes Version: v1.19.0+263ee0d
Operating System and version (e.g. Linux, Windows, MacOS):
ppc64le Linux
Link to your project or a code example to reproduce issue:
https://github.com/thinkahead/faas-fn/blob/main/hello-ppc64le.yml
What network driver are you using and what CIDR? i.e. Weave net / Flannel
The text was updated successfully, but these errors were encountered: