[jira] [Closed] (FLINK-32103) RBAC flinkdeployments/finalizers missing for OpenShift Deployment

Thu, 18 May 2023 23:34:04 -0700 


     [ 
https://issues.apache.org/jira/browse/FLINK-32103?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Gyula Fora closed FLINK-32103.
------------------------------
    Fix Version/s: kubernetes-operator-1.6.0
         Assignee: James Busche
       Resolution: Fixed

merged to main 0edb5443bf38c7a2dd5ada56f10301e4799f9b35

> RBAC flinkdeployments/finalizers missing for OpenShift Deployment
> -----------------------------------------------------------------
>
>                 Key: FLINK-32103
>                 URL: https://issues.apache.org/jira/browse/FLINK-32103
>             Project: Flink
>          Issue Type: Bug
>          Components: Kubernetes Operator
>    Affects Versions: kubernetes-operator-1.5.0
>            Reporter: James Busche
>            Assignee: James Busche
>            Priority: Major
>             Fix For: kubernetes-operator-1.6.0
>
>
> In OpenShift 4.10 and above, I'm noticing with the Flink 1.5.0 RC release 
> that there's an issue with flinkdeployments on OpenShift.  Flinkdeployments 
> are stuck in upgrading:
> {quote}oc get flinkdep
> NAME                                    JOB STATUS   LIFECYCLE STATE
> basic-example                                        UPGRADING
> {quote}
>  
> The error message looks like:
> {quote}oc describe flinkdep basic-example
> ....
> Error:                          
> {"type":"org.apache.flink.kubernetes.operator.exception.ReconciliationException","message":"org.apache.flink.client.deployment.ClusterDeploymentException:
>  Could not create Kubernetes cluster 
> \"basic-example\".","throwableList":[\{"type":"org.apache.flink.client.deployment.ClusterDeploymentException","message":"Could
>  not create Kubernetes cluster 
> \"basic-example\"."},\{"type":"org.apache.flink.kubernetes.shaded.io.fabric8.kubernetes.client.KubernetesClientException","message":"Failure
>  executing: POST at: 
> https://172.30.0.1/apis/apps/v1/namespaces/default/deployments. Message: 
> Forbidden!Configured service account doesn't have access. Service account may 
> have been revoked. deployments.apps \"basic-example\" is forbidden: cannot 
> set blockOwnerDeletion if an ownerReference refers to a resource you can't 
> set finalizers on: , <nil>."}]}
>  
>  Job Manager Deployment Status:  MISSING
> {quote}
>  
> The solution is to fix it in the rbac.yaml of the helm template, adding a "  
> - flinkdeployments/finalizers" line to the flink.apache.org apiGroup.
>  
> If the Operator is already running and flinkdeployments are having trouble on 
> OpenShift, then someone can manually edit the 
> flink-kubernetes-operator.v1.5.0 clusterrole and add the
> "  - flinkdeployments/finalizers" in the flink.apache.org apiGroup.
>  
> I'll create a PR that addresses this.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to