Operator not working on okd 4.14 because of rbac issues #37
Comments
|
Hello @Elyytscha ! Could you kindly provide some clarification on the process for installing the operator? Are you utilizing Operatorhub for this purpose? We will check this case. Thank you for contribution! |
|
i thought because i wrote openshift it would be clear that its handled by olm via subscription :) i'm sorry for not communicating it correctly initially |
|
and because i forgot this too..: its the default openshift community operator catalog (not the operatorhub catalog directly) but imo there should be no difference, because on both catalogs v1.19.0 is the latest version for the edp keycloak operator |
|
Hello @Elyytscha! Thank you for reaching out. As the installation was carried out via Operator Hub, the operation in cluster-wide mode "clusterReconciliationEnabled: false" has been disabled. This is why ClusterRole and ClusterRoleBinding weren't created. For your specific scenario, we recommend that you utilize our repository with the edp-cluster-addons approach. Alternatively, you can directly install the chart following the provided instructions, please do not forget to redefine respective values. It's worth noting that both approaches come with the updated 1.20.0 version of our operator. If you have any more questions, feel free to reach out. |
may I ask why this is the cause, I installed the operator in clustermode, why cluster mode is then disabled?
I would really like to avoid helm and utilize olm for installing operators |
Jira: EPMDEDP-13399 Related: #37 Change-Id: Iafe2de09c59e440c4bbfcdd21dd0ceaf524985b5
Change-Id: I1e2e458fcb0050785c87cdecdaf436451e549112
We did not take this into account for this installation mode, now we have made these fixes in a future release, which will already be mandatory
I understand, thanks again for participating in the development of the project. |
* feat: Enable secret support in KeycloakRealmIdentityProvider resource (epam#20) Change-Id: Ib61e3cc1ff6e27566d5e6d8f5e7e71e784014fea * fix: KeycloakRealmIdentityProvider config secret reference is replaced by the plain secret (epam#20) Change-Id: I85f0715b699a7a9d2f0cd388dbe57b33dabe2007 * test: Add e2e for KeycloakRealmIdentityProvider using secret (epam#20) Signed-off-by: Sergiy Kulanov <[email protected]> Change-Id: I63ce8386cfdd00d4065fd34238ac54931c142087 * feat: Add annotation for preserving resources deletion (epam#18) Added 'edp.epam.com/preserve-resources-on-deletion: true' annotation processing to prevent the operator from deleting resources from keycloak. Change-Id: I0301c611b7e2de8388363297720650340c891c15 * feat: Enable secret reference support in KeycloakClient resource (epam#21) Change-Id: I35ff2b0d20e624c5bb6d38deacfd68609efec56e * chore: Update GH actions and release pipeline (epam#23) Signed-off-by: Sergiy Kulanov <[email protected]> Change-Id: Ib000433f61da9df3b297006e90a9d2a3bee873b1 * test: Create client without specifying client secret (epam#21) We expect that the secret will be created by operator in default format: keycloak-client-keycloakclient-nosecret-secret:clientSecret Signed-off-by: Sergiy Kulanov <[email protected]> Change-Id: I20481c36b83e741bf319490196a95a91879f5b14 * chore: Generate bundle for OperatorHub v1.19.0 (epam#23) Signed-off-by: Sergiy Kulanov <[email protected]> Change-Id: Ife12693d3131c297f5453434b25cfa06c848da70 * chore: Update current development version (epam#23) Change-Id: I6529b81ec407248391c2d243678307f3619f1263 * chore: Add printcolumn status for all custom resources (epam#23) Signed-off-by: Sergiy Kulanov <[email protected]> Change-Id: Ia0ea7fe9c5333e57f4f9f19289778b143a45fafc * fix: The default realm role is no longer works (epam#22) Starting from keycloak 13.0, to make the realm role default, we need to add it to a composite role named default-roles-<realmName>. More details: https://www.keycloak.org/docs/22.0.5/release_notes/#default-roles-processing-improvement Change-Id: I0811be86ab1f5cf30e6cbf0e3692b46da604fbf9 * feat: Add missing fields to KeycloakClient (epam#24) Change-Id: I0cf5aefeea100f0c504b0b9258ea8b947cb74b52 * chore: Update current development version (epam#27) Change-Id: I4cf4bd6c1a239faacb60e529b18822c9626b81f2 * chore: Generate OperatorHub bundle for the version 1.20.0 (epam#27) Signed-off-by: Sergiy Kulanov <[email protected]> Change-Id: I797aa4cf27a47807a49bed6b3dc74d2288446b18 * docs: Update README md file (#132) Change-Id: If140772f1f3cb3e12c8fc610ece8605646b72976 * feat: Allow secret references in KeycloakRealmComponent (epam#30) Allow the config property of KeycloakRealmComponent to have references to secret values on the $secretName:secretValue format * test: Add integration tests for KeycloakRealm (epam#31) Change-Id: I900237a73cf475f175f6a1ef32fb8766d87e60c0 * feat: Enable review for pull requests (epam#32) Jira: EPMDEDP-13281 Related: epam#32 Change-Id: Idcd30bae279aba2c395e064d891fbc6144f9495e * chore: Implement cache in github workflow (epam#34) Related epam#34 Change-Id: Ifeac480eb6e7f6db3476395b17c0e0c6cd39250e * chore: Remove explicit caching in workflows (epam#34) * chore: Add ClusterRoleBinding for operatorHub(epam#37) Jira: EPMDEDP-13399 Related: epam#37 Change-Id: Iafe2de09c59e440c4bbfcdd21dd0ceaf524985b5 * chore: Update operator bundle (epam#37) Change-Id: I1e2e458fcb0050785c87cdecdaf436451e549112 * chore: Bump google.golang.org/protobuf from 1.28.1 to 1.33.0 (epam#39) Change-Id: I8df06386377ca229569a2443819da0da69d2c995 * feat: Allow creating Authorization Policies for a Client (epam#28) Change-Id: I7ca281ac73fbc1a6977ce0a87f0ef1f91b065a59 * feat: Allow creating Authorization Permissions for a Client (epam#28) Change-Id: I7df5a4f0fa7bb83313bf90cdd9790d73904935ec * fix: Remove from code coverage mock files (epam#28) Change-Id: Iba7aef8aa798eb814087ebeffac83b8803ce5323 * feat: Add custom certificate support (epam#36) Added two options to work with certificates for Keycloak/ClusterKeycloak CR: - caCert property with a certificate - insecureSkipVerify property to not check certificates Change-Id: I275666e98a3705b16e2727c622a79fc4a520d852 * feat: Add ability to configure Realm token Settings (epam#38) Change-Id: I09dbc7267b7e713da4d48f67a8d3032a7f8af1f9 * feat: Add Scopes to KeycloakClient Authorization spec (epam#41) * feat: Full reconciliation of KeycloakRealmUser (epam#45) - Added possibility to update user by updating KeycloakRealmUser - KeepResource set to true by default. It makes no sense to remove KeycloakRealmUser CR after processing. Change-Id: Ieb4f1c864282384199a7eede18b4262045b97413 * test: Add integration tests for KeycloakAuthFlow (epam#31) Change-Id: Ia4fb937d5bc88e9a44865bd32ddb1759fee0a1cd * test: Add integration tests for KeycloakRealmUser (epam#31) Change-Id: Ia63c79d437d83fe0acd285282acbbb14752a12cd * feat: Remove SSORealm functionality from KeycloakRealm (epam#47) Change-Id: Ic442cd8fa3572e60139a814d063b875ff4a9ff64 * feat: Add support for composite client role (epam#44) - Added the possibility of assigning client roles to the composite role. - Added complete reconciliation of composite roles. Now, if a role is removed from the composite in CR, the related role will be removed from the keycloak role. Change-Id: Ida8cb35a601173013335f4cc1e82062e924b1807 * chore: Migrate from gerrit to github pipelines (epam#49) * chore(deps): Bump golang.org/x/net from 0.17.0 to 0.23.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.23.0. - [Commits](golang/net@v0.17.0...v0.23.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> * test: Add integration tests for KeycloakClientScope (epam#31) * chore: Add CODEOWNERS (epam#49) Fix build pipeline Signed-off-by: Sergiy Kulanov <[email protected]> * feat: Add imagePullSecrets to enable private repository * chore: Bump to Go 1.22 (epam#57) * chore: Update current development version (epam#59) * chore: Generate OperatorHub bundle for v1.21.0 (epam#59) Signed-off-by: Sergiy Kulanov <[email protected]> * Formatting * Replace .github directory * Fix unit tests * Delete CODEOWNERS --------- Signed-off-by: Sergiy Kulanov <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: Zorian Motso <[email protected]> Co-authored-by: Sergiy Kulanov <[email protected]> Co-authored-by: Mykola Marusenko <[email protected]> Co-authored-by: Oleksandr_Stepanov <[email protected]> Co-authored-by: Erlend Tobiassen <[email protected]> Co-authored-by: oleksandr_taruraiev <[email protected]> Co-authored-by: Mykola Serdiuk <[email protected]> Co-authored-by: Oleksandr Redko <[email protected]> Co-authored-by: Douglass Kirkley <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ben Greene <[email protected]>
i wasn't able to install the operator successfully on openshift, the operator was crashlooping because of permission errors for clusterkeycloaks and clusterkeycloakrealms api's
i added the following crb's to fix it
The text was updated successfully, but these errors were encountered: