Closed
Description
Version: 1.2.0
Error in oracle-database-operator-controller-manager pod logs:
E0617 08:58:09.034685 1 reflector.go:158] "Unhandled Error" err="pkg/mod/k8s.io/client-go@v0.31.3/tools/cache/reflector.go:243: Failed to watch *v1.Node: failed to list *v1.Node: nodes is forbidden: User \"system:serviceaccount:oracle-database-operator-system:default\" cannot list resource \"nodes\" in API group \"\" at the cluster scope: . Opc-Request-Id: <nil>" logger="UnhandledError"
SIDB pod is running (DB is ready to use), status of SIDB resource is Pending:
Normal Database Pending 13m (x12 over 15m) SingleInstanceDatabase waiting for a pod to get to running state
Normal Database Unhealthy 12m (x4 over 13m) SingleInstanceDatabase datafiles exists
Reproducible
- Installed CertManager (used 1.18.0; latest at time available)
k apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.18.0/cert-manager.yaml
- Setup Cluster Scoped RBAC:
k apply -f https://raw.githubusercontent.com/oracle/oracle-database-operator/refs/tags/1.2.0/rbac/cluster-role-binding.yaml
- Installed OraOperator:
k apply -f https://raw.githubusercontent.com/oracle/oracle-database-operator/refs/tags/1.2.0/oracle-database-operator.yaml
- Created Secret
DB_PWD=$(echo "ORDSpoc_$(date +%H%S%M)") k create secret generic sidb-db-auth --from-literal=password=${DB_PWD}
- SIDB - Free
k apply -f - <<EOF apiVersion: database.oracle.com/v1alpha1 kind: SingleInstanceDatabase metadata: name: oraoper-sidb spec: replicas: 1 image: pullFrom: container-registry.oracle.com/database/free:23.7.0.0 prebuiltDB: true sid: FREE edition: free adminPassword: secretName: sidb-db-auth secretKey: password pdbName: FREEPDB1 EOF
Resolution
Updated RBAC:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: oracle-database-operator-manager-role
...
- apiGroups:
- ""
resources:
- nodes
- persistentvolumes
verbs:
- get
- list
- watch
...
Metadata
Metadata
Assignees
Labels
No labels