-
Notifications
You must be signed in to change notification settings - Fork 563
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[regression] Prometheus Operator fails to start due to RBAC permissions #1045
Comments
CC @zfrhv |
hello, thanks for mentioning its true that the operator tries to check resources outside his namespaces so he gets the RBAC errors. i will try to check this problem tomorrow (or in a few days) when i can get my hands on lab. meanwhile, do you see any other errors? or could you please provide your prometheus custom resource configuration? and what do you mean but "stopped working", is it crashLoopBackoff or prometheus doesnt detects and serviceMonitors? i also get forbiden to list secret errors, but prometheus still monitors fine |
If you have an existing Prometheus then it might continue to work (likely), but if you create a new Prometheus Operator subscription in a new namespace, and try to create a This is a pretty serious regression as new deployments are no longer possible. |
Also I'm wondering why these types of changes are happening in a stable release channel without a bump in CSV version. |
the CSV version goes with the operator version, so if bumping the CSV then the operator also needs to be bumped when using the
im not sure why it doesnt creates prometheus workload for you, i didnt tried to install the operator with operator-sdk, i install all of the operators with OLM seems to work fine for me, but i will check it later. maybe you are right maybe a good solution would be to enable MultiNamespace installation, and then configure the im not sure how to do it tho, im a little busy these days, but i can check later. |
hii, |
@leifmadsen can you please verify that it works for you? |
I will try it tomorrow thanks. |
That's not true or necessary. The CSV version is totally independent of the workload version, and by overwriting the CSV version you break the ability for OLM to perform automatic updates. In the release of my operators we use a release scheme of the |
It looks as if the changes in #1058 resolved this issue. I am no longer seeing the RBAC errors in the log, and have confirmed my CSV has the changes as merge in the referred issue. Thanks for the quick resolution. |
I've been trying to track down why the Prometheus Operator stopped working recently in our environment, and I've tracked this down to a change in #958 which was filed in #942
The change results in the following output when starting the Prometheus Operator.
You can reproduce this by running the bundles directly. First create an OperatorGroup to limit this to the local namespace in order to not conflict with existing deployments in other namespaces. I am doing this on OpenShift.
This is a request to revert the changes in 963cb69 or add the
-namespaces=$(NAMESPACES)
back in which is the top level configuration option, and then provide a separate ENVVAR to allow overriding for the otherinstance-namespaces
configurations.The text was updated successfully, but these errors were encountered: