[
https://issues.apache.org/jira/browse/FLINK-27211?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17522015#comment-17522015
]
Yang Wang commented on FLINK-27211:
-----------------------------------
[~jbusche] Thanks for the explanation.
> RBAC deployments/finalizers missing for OpenShift Deployment
> ------------------------------------------------------------
>
> Key: FLINK-27211
> URL: https://issues.apache.org/jira/browse/FLINK-27211
> Project: Flink
> Issue Type: Bug
> Components: Kubernetes Operator
> Affects Versions: kubernetes-operator-0.1.0
> Reporter: James Busche
> Assignee: James Busche
> Priority: Major
>
> On Openshift 4.8 when applying the basic.yaml, we see in the operator logs:
>
> ??2022-04-12 23:11:56,290 i.j.o.p.e.ReconciliationDispatcher
> *[ERROR][default/basic-example] Error during event processing ExecutionScope{
> resource id*??
> ??*: CustomResourceID\{name='basic-example', namespace='default'}, version:
> 680939} failed.*??
> ??{*}org.apache.flink.kubernetes.operator.exception.ReconciliationException:
> org.apache.flink.client.deployment.ClusterDeploymentException: Could not
> create Kubernetes clus{*}{*}ter "basic-example".{*}??
> ??{*}....{*}{*}{*}??
> ??*Caused by:
> org.apache.flink.kubernetes.shaded.io.fabric8.kubernetes.client.KubernetesClientException:
> Failure executing: POST at:* [*https://172.30.0.1/api/v1/namespaces/*]??
> ??{*}default/services. Message: Forbidden!Configured service account doesn't
> have access. Service account may have been revoked. services "basic-example"
> is forbidden: cann{*}{*}ot set blockOwnerDeletion if an ownerReference refers
> to a resource you can't set finalizers on: , <nil>.{*}??
> Manually, this can be fixed by adding to the flink role under apps apiGroups:
> - deployments/finalizers
>
> and to add to the flink-operator clusterrole under apps apiGrups:
> - deployments/finalizers
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
