operator: serving install via olm fails

Describe the bug serving install via olm fails with the following error:

      Install failed with message: clusterrolebindings.rbac.authorization.k8s.io "knative-serving-controller-admin" is forbidden: user "system:serviceaccount:operators:knative-operator" (groups=["system:serviceaccounts" "system:serviceaccounts:operators" "system:authenticated"]) is attempting to grant RBAC permissions not currently held:
      {APIGroups:[""], Resources:["configmaps"], Verbs:["update" "patch"]}
      {APIGroups:[""], Resources:["endpoints"], Verbs:["get" "list" "create" "update" "delete" "patch" "watch"]}
      {APIGroups:[""], Resources:["endpoints/restricted"], Verbs:["create"]}
      {APIGroups:[""], Resources:["events"], Verbs:["get" "list" "delete" "watch"]}
      {APIGroups:[""], Resources:["namespaces"], Verbs:["list" "create" "delete" "patch"]}
      {APIGroups:[""], Resources:["namespaces/finalizers"], Verbs:["update"]}
      {APIGroups:[""], Resources:["pods"], Verbs:["get" "list" "create" "update" "delete" "patch" "watch"]}
      {APIGroups:[""], Resources:["secrets"], Verbs:["get" "list" "create" "update" "delete" "patch" "watch"]}
      {APIGroups:[""], Resources:["serviceaccounts"], Verbs:["get" "list" "create" "update" "delete" "patch" "watch"]}
      {APIGroups:[""], Resources:["services"], Verbs:["update" "patch"]}
      {APIGroups:["admissionregistration.k8s.io"], Resources:["mutatingwebhookconfigurations"], Verbs:["get" "list" "create" "update" "delete" "patch" "watch"]}
      {APIGroups:["admissionregistration.k8s.io"], Resources:["validatingwebhookconfigurations"], Verbs:["get" "list" "create" "update" "delete" "patch" "watch"]}
      {APIGroups:["apiextensions.k8s.io"], Resources:["customresourcedefinitions/status"], Verbs:["get" "list" "create" "update" "delete" "patch" "watch"]}
      {APIGroups:["apps"], Resources:["deployments"], Verbs:["patch"]}
      {APIGroups:["apps"], Resources:["deployments/finalizers"], Verbs:["get" "list" "create" "update" "delete" "patch" "watch"]}
      {APIGroups:["autoscaling"], Resources:["horizontalpodautoscalers"], Verbs:["patch" "watch"]}
      {APIGroups:["autoscaling.internal.knative.dev"], Resources:["*"], Verbs:["get" "list" "create" "update" "delete" "deletecollection" "patch" "watch"]}
      {APIGroups:["autoscaling.internal.knative.dev"], Resources:["*/finalizers"], Verbs:["get" "list" "create" "update" "delete" "deletecollection" "patch" "watch"]}
      {APIGroups:["autoscaling.internal.knative.dev"], Resources:["*/status"], Verbs:["get" "list" "create" "update" "delete" "deletecollection" "patch" "watch"]}
      {APIGroups:["networking.internal.knative.dev"], Resources:["*"], Verbs:["get" "list" "create" "update" "delete" "deletecollection" "patch" "watch"]}
      {APIGroups:["networking.internal.knative.dev"], Resources:["*/finalizers"], Verbs:["get" "list" "create" "update" "delete" "deletecollection" "patch" "watch"]}
      {APIGroups:["networking.internal.knative.dev"], Resources:["*/status"], Verbs:["get" "list" "create" "update" "delete" "deletecollection" "patch" "watch"]}
      {APIGroups:["serving.knative.dev"], Resources:["*"], Verbs:["get" "list" "create" "update" "delete" "deletecollection" "patch" "watch"]}
      {APIGroups:["serving.knative.dev"], Resources:["*/finalizers"], Verbs:["get" "list" "create" "update" "delete" "deletecollection" "patch" "watch"]}
      {APIGroups:["serving.knative.dev"], Resources:["*/status"], Verbs:["get" "list" "create" "update" "delete" "deletecollection" "patch" "watch"]}

Expected behavior serving install via olm succeeds

To Reproduce minikube start operator-sdk olm install kubectl create -f https://operatorhub.io/install/knative-operator.yaml

kubectl apply --filename - <<EOF
apiVersion: v1
kind: Namespace
metadata:
  name: knative-serving
---
apiVersion: operator.knative.dev/v1alpha1
kind: KnativeServing
metadata:
  name: knative-serving
  namespace: knative-serving
spec:
  ingress:
    kourier:
      enabled: true
  config:
    network:
      ingress.class: "kourier.ingress.networking.knative.dev"
EOF

Knative release version v0.25.0

Additional context I attempted with the following versions: olm v0.18.3 kubernetes v1.22.1, v1.21.4 Note that install succeeds if operator is installed directly rather than via olm.

About this issue

  • Original URL
  • State: closed
  • Created 3 years ago
  • Reactions: 1
  • Comments: 18 (6 by maintainers)

Most upvoted comments

1.9.0 still occurring

+1
mathianasj on Mar 6, 2023
Read more comments on GitHub
← operator: 1.5 -> 1.6 upgrade fails due to invalid CRD spec
pkg: Controller Pods are too slow to become the new leader after the previous leader releases the ownership →