[jira] [Created] (FLINK-32103) RBAC flinkdeployments/finalizers missing for OpenShift Deployment

Mon, 15 May 2023 14:17:25 -0700 

James Busche created FLINK-32103:
------------------------------------

             Summary: RBAC flinkdeployments/finalizers missing for OpenShift 
Deployment
                 Key: FLINK-32103
                 URL: https://issues.apache.org/jira/browse/FLINK-32103
             Project: Flink
          Issue Type: Bug
          Components: Kubernetes Operator
    Affects Versions: kubernetes-operator-1.5.0
            Reporter: James Busche


In OpenShift 4.10 and above, I'm noticing with the Flink 1.5.0 RC release that 
there's an issue with flinkdeployments on OpenShift.  Flinkdeployments are 
stuck in upgrading:
{quote}oc get flinkdep

NAME                                    JOB STATUS   LIFECYCLE STATE

basic-example                                        UPGRADING
{quote}
 

The error message looks like:
{quote}oc describe flinkdep basic-example

....

Error:                          
{"type":"org.apache.flink.kubernetes.operator.exception.ReconciliationException","message":"org.apache.flink.client.deployment.ClusterDeploymentException:
 Could not create Kubernetes cluster 
\"basic-example\".","throwableList":[\{"type":"org.apache.flink.client.deployment.ClusterDeploymentException","message":"Could
 not create Kubernetes cluster 
\"basic-example\"."},\{"type":"org.apache.flink.kubernetes.shaded.io.fabric8.kubernetes.client.KubernetesClientException","message":"Failure
 executing: POST at: 
https://172.30.0.1/apis/apps/v1/namespaces/default/deployments. Message: 
Forbidden!Configured service account doesn't have access. Service account may 
have been revoked. deployments.apps \"basic-example\" is forbidden: cannot set 
blockOwnerDeletion if an ownerReference refers to a resource you can't set 
finalizers on: , <nil>."}]}

 

 Job Manager Deployment Status:  MISSING
{quote}
 

The solution is to fix it in the rbac.yaml of the helm template, adding a "  - 
flinkdeployments/finalizers" line to the flink.apache.org apiGroup.

 

If the Operator is already running and flinkdeployments are having trouble on 
OpenShift, then someone can manually edit the flink-kubernetes-operator.v1.5.0 
clusterrole and add the

"  - flinkdeployments/finalizers" in the flink.apache.org apiGroup.

 

I'll create a PR that addresses this.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to