prometheus-apb fails even with cluster-admin access #12
Comments
|
This seems a lot like #5 but the suggested fixes there are not working. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I'm attempting to install the prometheus-apb on cdk 3.5.0 on Mac OS X and the prometheus-apb is failing, even when I assign cluster-admin to the developer account.
** config
Mac OS X
3.5.0-1 cdk (cdk-3.5.0-1-minishift-darwin-amd64)
oc v3.10
** Steps to reproduce
using the 3.5.0-1 cdk (cdk-3.5.0-1-minishift-darwin-amd64)
MINISHIFT_ENABLE_EXPERIMENTAL=y minishift start --ocp-tag v3.10.14 --extra-clusterup-flags "--enable=*,service-catalog,automation-service-broker"
oc login -u system:admin
oc export cm/broker-config -n openshift-automation-service-broker | sed 's/sandbox_role: .*/sandbox_role: "admin"/' | oc replace -f - cm/broker-config -n openshift-automation-service-broker
oc rollout latest dc/openshift-automation-service-broker -n openshift-automation-service-broker
oc adm policy add-cluster-role-to-user cluster-admin developer
DEPRECATED: APB playbooks should be stored at /opt/apb/project
| cp: omitting directory ‘/opt/apb/actions/vars’
|
| PLAY [[PROMETHEUS APB][PROVISION] Provision application Prometheus APB] ********
|
| TASK [ansible.kubernetes-modules : Install latest openshift client] ************
| skipping: [localhost]
|
| TASK [ansibleplaybookbundle.asb-modules : debug] *******************************
| skipping: [localhost]
|
| TASK [prometheus-apb : [PROMETHEUS-APB][MAIN] MongoDB] *************************
| ok: [localhost] => {
| "msg": [
| "Entering on Main:",
| " Mode: provision",
| " State: present",
| " Plan: ephemeral"
| ]
| }
|
| TASK [prometheus-apb : [PROMETHEUS APB][MAIN] Deploying Prometheus] ************
| included: /opt/ansible/roles/prometheus-apb/tasks/prometheus.yml for localhost
|
| TASK [prometheus-apb : [PROMETHEUS][PROVISION] Set to present the Prometheus ServiceAccount] ***
| changed: [localhost]
|
| TASK [prometheus-apb : [PROMETHEUS][PROVISION] Recover secret name] ************
| skipping: [localhost] => (item={u'kind': None, u'name': u'prometheus-dockercfg-t75q5', u'namespace': None, u'resource_version': None, u'field_path': None, u'api_version': None, u'uid': None})
| ok: [localhost] => (item={u'kind': None, u'name': u'prometheus-token-svmnp', u'namespace': None, u'resource_version': None, u'field_path': None, u'api_version': None, u'uid': None})
|
| TASK [prometheus-apb : [PROMETHEUS][PROVISION] Recovering Service Account token] ***
| ok: [localhost]
|
| TASK [prometheus-apb : [PROMETHEUS][PROVISION] Creating a fact with the secret token of Service Account] ***
| ok: [localhost]
|
| TASK [prometheus-apb : [PROMETHEUS][PROVISION] Set to present RoleBinding for Service Account] ***
| fatal: [localhost]: FAILED! => {"changed": false, "error": 403, "msg": "Failed to retrieve requested object: rolebindings.rbac.authorization.k8s.io "prometheus-view" is forbidden: User "system:serviceaccount:dh-prometheus-apb-prov-spprs:bundle-ed74d1b6-e96f-40c1-acb6-d12ed9148981" cannot get rolebindings.rbac.authorization.k8s.io in the namespace "foobar": User "system:serviceaccount:dh-prometheus-apb-prov-spprs:bundle-ed74d1b6-e96f-40c1-acb6-d12ed9148981" cannot get rolebindings.rbac.authorization.k8s.io in project "foobar""}
|
| PLAY RECAP *********************************************************************
| localhost : ok=6 changed=1 unreachable=0 failed=1
The text was updated successfully, but these errors were encountered: