Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

how to use single namespace mode #1499

Closed
raffaelespazzoli opened this issue May 3, 2020 · 5 comments
Closed

how to use single namespace mode #1499

raffaelespazzoli opened this issue May 3, 2020 · 5 comments
Labels
triage/unresolved Indicates an issue that can not or will not be resolved.

Comments

@raffaelespazzoli
Copy link

Type of question

Support question on installation modes

Question

I'd like to deploy the Prometheus operator in a namespace (monitoring-operators) in such a way that it watches another namespace (sre-monitoring). This model should be the SingleNamespace model.

From it's csv, we can see that this model is supported:

    - supported: true
      type: SingleNamespace

This is how I deploy it:

apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: sre-operators
  namespace: monitoring-operators
spec:
  targetNamespaces:
  - sre-monitoring
---
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: prometheus-operator
  namespace: monitoring-operators
spec:
  channel: beta
  installPlanApproval: Automatic
  name: prometheus
  source: community-operators
  sourceNamespace: openshift-marketplace

When I deploy a Prometheus objects in the sre-monitoring namespace the Prometheus operator pod emits these errors:

E0503 12:40:35.345388       1 reflector.go:125] github.com/coreos/prometheus-operator/pkg/prometheus/operator.go:448: Failed to list *v1.Prometheus: prometheuses.monitoring.coreos.com is forbidden: User "system:serviceaccount:monitoring-operators:prometheus-operator" cannot list resource "prometheuses" in API group "monitoring.coreos.com" in the namespace "sre-monitoring"
E0503 12:40:35.346505       1 reflector.go:125] github.com/coreos/prometheus-operator/pkg/prometheus/operator.go:452: Failed to list *v1.ConfigMap: configmaps is forbidden: User "system:serviceaccount:monitoring-operators:prometheus-operator" cannot list resource "configmaps" in API group "" in the namespace "sre-monitoring"
E0503 12:40:35.347453       1 reflector.go:125] github.com/coreos/prometheus-operator/pkg/prometheus/operator.go:449: Failed to list *v1.ServiceMonitor: servicemonitors.monitoring.coreos.com is forbidden: User "system:serviceaccount:monitoring-operators:prometheus-operator" cannot list resource "servicemonitors" in API group "monitoring.coreos.com" in the namespace "sre-monitoring"
E0503 12:40:35.348525       1 reflector.go:125] github.com/coreos/prometheus-operator/pkg/prometheus/operator.go:450: Failed to list *v1.PodMonitor: podmonitors.monitoring.coreos.com is forbidden: User "system:serviceaccount:monitoring-operators:prometheus-operator" cannot list resource "podmonitors" in API group "monitoring.coreos.com" in the namespace "sre-monitoring"
E0503 12:40:35.349580       1 reflector.go:125] github.com/coreos/prometheus-operator/pkg/prometheus/operator.go:454: Failed to list *v1.StatefulSet: statefulsets.apps is forbidden: User "system:serviceaccount:monitoring-operators:prometheus-operator" cannot list resource "statefulsets" in API group "apps" in the namespace "sre-monitoring"
E0503 12:40:35.350639       1 reflector.go:125] github.com/coreos/prometheus-operator/pkg/prometheus/operator.go:455: Failed to list *v1.Namespace: namespaces "sre-monitoring" is forbidden: User "system:serviceaccount:monitoring-operators:prometheus-operator" cannot get resource "namespaces" in API group "" in the namespace "sre-monitoring"

so basically the permissions are not setup correctly.

Questions:

  1. am I setting up the SingleNamespace model correctly?
  2. what does OLM do to setup the permissions in this case (or what is it supposed to do)?

What did you do?
see above

What did you expect to see?
Prometheus operator should have deployed a Prometheus instance

What did you see instead? Under which circumstances?
error log, see above.

Environment
OpenShift 4.3
Prometheus operator: 0.32.0
@raffaelespazzoli raffaelespazzoli mentioned this issue May 5, 2020
Closed
@stale
Copy link

stale bot commented Jul 2, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix label Jul 2, 2020
@openshift-ci-robot openshift-ci-robot added triage/unresolved Indicates an issue that can not or will not be resolved. and removed wontfix labels Jul 3, 2020
@stale
Copy link

stale bot commented Sep 1, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix label Sep 1, 2020
@stale
Copy link

stale bot commented Nov 2, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix label Nov 2, 2020
@stale
Copy link

stale bot commented Jan 3, 2021

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix label Jan 3, 2021
@dinhxuanvu
Copy link
Member

Please consult with the doc: https://olm.operatorframework.io/docs/concepts/crds/operatorgroup/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
triage/unresolved Indicates an issue that can not or will not be resolved.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@raffaelespazzoli @dinhxuanvu @openshift-ci-robot