-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Tigera Operator Chart 3.26 BGPFilters is forbidden #7715
Comments
Going to close this in favor of the other issue, thanks for raising! |
Oh whoops, looks like the other is just a link to this so actually going to leave this open! |
We recently updated from .25 to .26 and we are also encountering this issue. Weird enough a restart of the calico operator seems to solve it temporarily |
This can actually cause cluster-wide issues with garbage collection. I just had to investigate why garbage collection of e.g. cronjobs and Pods was broken on my cluster. Turns out, missing permissions are a bit of an issues for the garbage collector:
(Don't be thrown off by the timestamps I added the second log line afterwards, they appear in sync) With this, the garbage collector will run into a timeout when trying to refresh its cached objects and therefore never run. Edit 2023-06-08: I actually went and downgraded again, as the issue seems to persist even after running the newest version of the tigera operator (v1.30.2). I downgraded and removed the bgpfilter CRD to resolve the issue for good now. |
Hi @caseydavenport, can we expect fix for this to be added in v3.27.0 of the helm chart ? thanks. |
Context
After upgrading the
tigera-operator
helm chart to 3.26.0, pod cleanup fails.kube-controller-manager
andcalico-apiserver
log:and
respectively.
Seems like the
calico-crds
cluster role maybe missing thebgpfilters
resource. Unfortunately I didn't get a chance to look before I rolled back. I'm unsure if this is related to #7598.Rolling the chart back to 3.25.1 resolves the issue.
UPDATE: This appears to have been fixed in tigera/operator@792df2f, however the commit is not part of 1.30 tag. I've created 2675.
Your Environment
The text was updated successfully, but these errors were encountered: