You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am getting below error in aws contrib pod after upgrading aws contrib provider version in crossplane v1.14.0
W1116 12:52:04.413588 1 reflector.go:535] k8s.io/client-go@v0.28.3/tools/cache/reflector.go:229: failed to list *v1alpha1.ComputeEnvironment: Unauthorized
E1116 12:52:04.413625 1 reflector.go:147] k8s.io/client-go@v0.28.3/tools/cache/reflector.go:229: Failed to watch *v1alpha1.ComputeEnvironment: failed to list *v1alpha1.ComputeEnvironment: Unauthorized
W1116 12:52:04.481294 1 reflector.go:535] k8s.io/client-go@v0.28.3/tools/cache/reflector.go:229: failed to list *v1alpha1.Domain: Unauthorized
E1116 12:52:04.481329 1 reflector.go:147] k8s.io/client-go@v0.28.3/tools/cache/reflector.go:229: Failed to watch *v1alpha1.Domain: failed to list *v1alpha1.Domain: Unauthorized
W1116 12:52:04.895203 1 reflector.go:535] k8s.io/client-go@v0.28.3/tools/cache/reflector.go:229: failed to list *v1alpha1.FileSystem: Unauthorized
following is the DeploymentRuntimeConfig, Provider yaml files.
provider package and revision are in healthy state.
[swapnil@bharshankar aws-contrib]$ kubectl get provider.pkg
NAME INSTALLED HEALTHY PACKAGE AGE
aws-provider-contrib True True xpkg.upbound.io/crossplane-contrib/provider-aws:v0.45.0 246d
[swapnil@bharshankar aws-contrib]$ kubectl get providerrevision
NAME HEALTHY REVISION IMAGE STATE DEP-FOUND DEP-INSTALLED AGE
aws-provider-contrib-29c442e72f5f True 28 xpkg.upbound.io/crossplane-contrib/provider-aws:v0.44.2 Inactive 3h18m
aws-provider-contrib-9c8a43141871 True 29 xpkg.upbound.io/crossplane-contrib/provider-aws:v0.45.0 Active 28m
cluster has 2 clusterrolebinding for contrib provider.
provider is recreating serviceaccount after few mins.
[swapnil@bharshankar ~]$ kubectl get pods -n crossplane-system aws-provider-contrib-9c8a43141871-857784df8-h62pc
NAME READY STATUS RESTARTS AGE
aws-provider-contrib-9c8a43141871-857784df8-h62pc 1/1 Running 0 61m
[swapnil@bharshankar ~]$ kubectl get sa -n crossplane-system aws-provider-contrib
NAME SECRETS AGE
aws-provider-contrib 0 8m57s
[swapnil@bharshankar ~]$
Seen following entries in events.
0s Warning SyncPackage providerrevision/aws-provider-contrib-9c8a43141871 post establish runtime hook failed for package: cannot apply provider package service account: cannot patch object: serviceaccounts "aws-provider-contrib" not found
1s Normal SyncPackage providerrevision/aws-provider-contrib-29c442e72f5f Successfully configured package revision
1s Warning InstallPackageRevision provider/aws-provider-contrib current package revision is unhealthy
0s Warning InstallPackageRevision provider/aws-provider-contrib current package revision is unhealthy
0s Normal SyncPackage providerrevision/aws-provider-contrib-9c8a43141871 Successfully configured package revision
0s Normal InstallPackageRevision provider/aws-provider-contrib Successfully installed package revision
I am seeing this issue too, but only on providers that have a ControllerConfig that defines a serviceAccountName. My understanding is this is affecting many users.
Workarounds:
Delete any inactive providerRevisions
I haven't seen this behavior with DeploymentRuntimeConfig, so try migrating off ControllerConfig. The crossplane-migrator can help.
Thanks for the investigations so far everyone, as well as the workaround ideas! 🙇♂️
From what we've seen so far in this thread, this looks like something we need to fix and backport to a v1.14.2 patch release as soon as we can - i've triaged as such. Thanks for the patience!
What happened?
I am getting below error in aws contrib pod after upgrading aws contrib provider version in crossplane v1.14.0
following is the DeploymentRuntimeConfig, Provider yaml files.
provider package and revision are in healthy state.
cluster has 2 clusterrolebinding for contrib provider.
provider is recreating serviceaccount after few mins.
Seen following entries in events.
How can we reproduce it?
I tried same on 2nd cluster and received same error. Please find the attachment for logs from 2nd cluster.
crossplane-log.txt
What environment did it happen in?
Crossplane version: v1.14.0
The text was updated successfully, but these errors were encountered: