Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix service catalog permissions #7

Merged
merged 1 commit into from
Jun 26, 2018
Merged

Fix service catalog permissions #7

merged 1 commit into from
Jun 26, 2018

Conversation

0xmichalis
Copy link
Contributor

Still need to test but I think we can fix the sc breakage for now with this

fixes #3

/hold

@0xmichalis
Copy link
Contributor Author

@jim-minter fyi

@0xmichalis
Copy link
Contributor Author 

$ oc logs servicecatalog-api-5fc6947b9c-jqkz2
I0626 12:50:16.999777       1 feature_gate.go:190] feature gates: map[OriginatingIdentity:true]
I0626 12:50:16.999891       1 hyperkube.go:192] Service Catalog version v3.10.0-rc.0+8d6748f-dirty (built 2018-06-26T01:24:38Z)
W0626 12:50:17.278963       1 authentication.go:232] Unable to get configmap/extension-apiserver-authentication in kube-system.  Usually fixed by 'kubectl create rolebinding -n kube-system ROLE_NAME --role=extension-apiserver-authentication-reader --serviceaccount=YOUR_NS:YOUR_SA'
Error: open /var/run/secrets/kubernetes.io/serviceaccount/token: no such file or directory

hrm

@0xmichalis
Copy link
Contributor Author

@jim-minter @pweil- managed to get the service catalog deployed with this patch - but it seems this is the wrong approach to follow...

If I don't set the standalone mode env, I get the following error:

I0626 15:06:54.117596       1 feature_gate.go:190] feature gates: map[OriginatingIdentity:true]
I0626 15:06:54.117746       1 hyperkube.go:192] Service Catalog version v3.10.0-rc.0+8d6748f-dirty (built 2018-06-26T01:24:38Z)
W0626 15:06:54.689261       1 util.go:111] OpenAPI spec will not be served
E0626 15:06:54.689770       1 util.go:138] Failed to get kube client config: open /var/run/secrets/kubernetes.io/serviceaccount/token: no such file or directory
Error: open /var/run/secrets/kubernetes.io/serviceaccount/token: no such file or directory

which comes from here. inCluster is set based on the s.StandaloneMode boolean here which in turn is dictated by the SERVICE_CATALOG_STANDALONE env here.

Comments in the code point that the env is used only for testing, so we probably need to figure out a different way of fixing this (make service catalog accept one more kubeconfig flag). We probably want to loop in someone responsible for the SC.

@pweil-
Copy link
Contributor

pweil- commented Jun 26, 2018

@jwmatthews

@0xmichalis
Copy link
Contributor Author

Opened kubernetes-retired/service-catalog#2158

@0xmichalis
Copy link
Contributor Author

Removed the test env, running off of the upstream PR applied on our fork, seems to work fine.

@jim-minter jim-minter merged commit 5f3eddf into openshift:master Jun 26, 2018
@0xmichalis 0xmichalis deleted the sc-permissions branch June 26, 2018 17:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

service catalog does not have enough access to run
3 participants
@0xmichalis @pweil- @jim-minter