failing in namespace creation on openshift 4.6 after installing gatekeeper #1127
Comments
It might be worth adding a config to the Helm chart that allows people to extend the permissions given to In the interim you could create a role and role binding that gives

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: gatekeeper-manager-openshift-role
  namespace: gatekeeper-system
rules:
- apiGroups:
  - security.openshift.io
  resourceNames:
  - anyuid
  resources:
  - securitycontextconstraints
  verbs:
  - use
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    gatekeeper.sh/system: "yes"
  name: gatekeeper-manager-openshift-rolebinding
  namespace: gatekeeper-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: gatekeeper-manager-openshift-role
subjects:
- kind: ServiceAccount
  name: gatekeeper-admin
  namespace: gatekeeper-system
```

I think you'll need to apply these after the Helm chart in order to ensure the namespace is created.
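One way to confirm the workaround took effect, as an added example that is not part of the original thread or the Gatekeeper project: it checks that `gatekeeper-admin` may `use` the `anyuid` SCC and that `gatekeeper-webhook-service` has ready endpoints, the condition behind the `no endpoints available` error reported in this issue. The function names are hypothetical, and it assumes `kubectl` (or `oc`, which accepts the same subcommands) is logged in with permission to impersonate service accounts.

```shell
#!/bin/sh
# Added example: read-only checks to run after applying the Role and RoleBinding.
# Resource names come from the manifests and the error message in this issue.
NS=gatekeeper-system
SA=gatekeeper-admin
SVC=gatekeeper-webhook-service

# Succeeds when the service account is allowed to "use" the anyuid SCC.
# `auth can-i` prints yes/no and exits non-zero on "no".
# Assumption: passing -n makes the access review evaluate the namespaced RoleBinding.
sa_can_use_anyuid() {
  answer=$(kubectl auth can-i use \
    securitycontextconstraints.security.openshift.io/anyuid \
    --as="system:serviceaccount:${NS}:${SA}" -n "$NS" 2>/dev/null) || true
  [ "$answer" = "yes" ]
}

# Succeeds when the webhook Service has at least one ready endpoint address.
# An empty result is what produces "no endpoints available for service".
webhook_has_endpoints() {
  ips=$(kubectl get endpoints "$SVC" -n "$NS" \
    -o jsonpath='{.subsets[*].addresses[*].ip}' 2>/dev/null) || true
  [ -n "$ips" ]
}

# Runs both checks, prints one line per check, returns non-zero if any failed.
verify_gatekeeper() {
  rc=0
  if sa_can_use_anyuid; then
    echo "OK   ${SA} may use the anyuid SCC"
  else
    echo "FAIL ${SA} may not use the anyuid SCC (Role/RoleBinding missing or misnamed?)"
    rc=1
  fi
  if webhook_has_endpoints; then
    echo "OK   ${SVC} has ready endpoints"
  else
    echo "FAIL ${SVC} has no ready endpoints (webhook pods are not running or not ready)"
    rc=1
  fi
  return "$rc"
}

# Execute the checks only when invoked as: sh verify.sh run
if [ "${1:-}" = "run" ]; then
  verify_gatekeeper
fi
```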
When I was configuring Gatekeeper in a GCP cluster I got a similar issue. It was a firewall issue; enable the port 8443 in the GKE master node. Everything worked fine then.
Thanks for the update @Aabhusan! Since this bug is ~1 year old, closing due to staleness. OP can re-open if needed.
No problem @maxsmythe :)
Error from server (InternalError): Internal error occurred: failed calling webhook "check-ignore-label.gatekeeper.sh": Post "https://gatekeeper-webhook-service.gatekeeper-system.svc:443/v1/admitlabel?timeout=3s": no endpoints available for service "gatekeeper-webhook-service"
Gatekeeper version - 3.2.1
Openshift version - 4.6
According to PR #842, we need to modify the Helm chart with some configuration to work with OCP 4.x.
Is there any way to add configuration without modifying the chart?
Note: On Helm installation, the deployment status shows the namespace as the current oc project instead of 'gatekeeper-system'.