cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on

[reggie-k]

I deployed the latest release using deploy manifests (not the helm chart) on Openshift 4.5

When the operator processes my cr, the following error is observed in the log:

Error creating Role Binding: rolebindings.rbac.authorization.k8s.io "some-definition-some-binding-edit" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: ,

I added the following to the operator clusterrole, but the error persists:

• apiGroups:
  • rbac.authorization.k8s.io
    resources:
  • rolebindings/finalizers
    verbs:
  • '*'
• apiGroups:
  • '*'
    resources:
  • deployments/finalizers
  • pods/finalizers
    verbs:
  • '*'

[sudermanjr]

I don't have access to any openshift clusters to test, but could you try adding this to the RBAC instead? I don't think the issue is access to finalizers on any of the kube-native resources, but just the rbacDefinition CRD

  - apiGroups:
      - rbacmanager.reactiveops.io
    resources:
      - rbacdefinitions/finalizers
    verbs:
      - "*"

I'm only guessing this based on a very short google search and no experience with OpenShift. spotahome/redis-operator#98

[reggie-k]

Thanks!! That definitely did the trick

[QuingKhaos]

@sudermanjr shouldn't this get fixed in the Helm chart too?