[Ansible-service-broker] Issue to create MySQL APB instance on ocp 3.7

Charles Moulliard cmoullia at redhat.com
Fri Jan 26 13:10:49 UTC 2018


Hmhmh. The rule is not there.

apiVersion: v1
kind: ClusterRole
metadata:
  creationTimestamp: 2018-01-26T10:33:15Z
  name: asb-auth
  resourceVersion: "4154"
  selfLink: /oapi/v1/clusterroles/asb-auth
  uid: 512a7de2-0284-11e8-bd96-8a164c505ef4
rules:
- apiGroups:
  - ""
  attributeRestrictions: null
  resources:
  - namespaces
  verbs:
  - create
  - delete
- apiGroups:
  - authorization.openshift.io
  attributeRestrictions: null
  resources:
  - subjectrulesreview
  verbs:
  - create
- apiGroups:
  - authorization.k8s.io
  attributeRestrictions: null
  resources:
  - subjectaccessreviews
  verbs:
  - create
- apiGroups:
  - authentication.k8s.io
  attributeRestrictions: null
  resources:
  - tokenreviews
  verbs:
  - create



On Fri, Jan 26, 2018 at 2:04 PM, Ryan Hallisey <rhallise at redhat.com> wrote:

> I could be wrong, but I think the User
> "system:serviceaccount:ansible-service-broker:asb" is only allowed to
> create networkpolicies in the namespace ansible-service-broker.
>
> Also let's double check your user has the correct permissions. See if
> you find the rule below in `kubectl get clusterrole asb-auth -o yaml`.
>
> - apiGroups: ["networking.k8s.io", ""]
>   attributeRestrictions: null
>   resources: ["networkpolicies"]
>   verbs: ["create", "delete"]
>
> On Fri, Jan 26, 2018 at 7:28 AM, Charles Moulliard <cmoullia at redhat.com> wrote:
> > If I look at the log of the ASB pod, I see this error when ASB tries
> > to create the network resource within the "test" namespace
> >
> > [2018-01-26T12:02:41.757Z] [DEBUG] - Creating network policy for pod:
> > apb-36748357-1681-44b8-be32-6e0cc12ec606 to grant network access to ns: test
> > [2018-01-26T12:02:41.758Z] [ERROR] - unable to create network policy object
> > - User "system:serviceaccount:ansible-service-broker:asb" cannot create
> > networkpolicies.networking.k8s.io in the namespace "test": User
> > "system:serviceaccount:ansible-service-broker:asb" cannot create
> > networkpolicies.networking.k8s.io in project "test" (post
> > networkpolicies.networking.k8s.io)
> > [2018-01-26T12:02:41.758Z] [ERROR] - User
> > "system:serviceaccount:ansible-service-broker:asb" cannot create
> > networkpolicies.networking.k8s.io in the namespace "test": User
> > "system:serviceaccount:ansible-service-broker:asb" cannot create
> > networkpolicies.networking.k8s.io in project "test" (post
> > networkpolicies.networking.k8s.io)
> > [2018-01-26T12:02:41.758Z] [ERROR] - Problem executing apb
> > [apb-36748357-1681-44b8-be32-6e0cc12ec606] provision - err: User
> > "system:serviceaccount:ansible-service-broker:asb" cannot create
> > networkpolicies.networking.k8s.io in the namespace "test": User
> > "system:serviceaccount:ansible-service-broker:asb" cannot create
> > networkpolicies.networking.k8s.io in project "test" (post
> > networkpolicies.networking.k8s.io)
> >
> > Is it the reason for my issue? If yes, how can we resolve the problem?
> >
> >
> > On Fri, Jan 26, 2018 at 1:06 PM, Charles Moulliard <cmoullia at redhat.com>
> > wrote:
> >>
> >> Hi,
> >>
> >> I have used the OpenShift UI screens to install the MySQL service instance
> >> under the "test" namespace
> >> and I get these errors if I look at the "events"
> >>
> >>
> >> https://www.dropbox.com/s/5cptnq47zf8rava/Screenshot%202018-01-26%2013.04.33.png?dl=0
> >>
> >> ServiceBinding cannot begin because referenced ServiceInstance
> >> "test/dh-mysql-apb-7wzcr" is not ready
> >> Provision call failed: Error occurred during provision. Please contact
> >> administrator if it persists.
> >>
> >> Project has been installed on OCP 3.7 with option --service-catalog
> >> and Ansible Broker using the following template
> >>
> >> oc new-project ansible-service-broker
> >> curl -s https://raw.githubusercontent.com/openshift/ansible-service-broker/master/templates/simple-broker-template.yaml |
> >> oc process -n "ansible-service-broker" -f - | oc create -f -
> >>
> >> How can I troubleshoot such errors?
> >>
> >> Regards
> >>
> >> Charles
> >>
> >
> >
> > _______________________________________________
> > Ansible-service-broker mailing list
> > Ansible-service-broker at redhat.com
> > https://www.redhat.com/mailman/listinfo/ansible-service-broker
> >
>
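
The check discussed in this message (does asb-auth grant create on networkpolicies?) can be scripted. The following is an added example, not part of the original thread or the broker project; it assumes the role is read in the JSON form of `-o json`, and the helper names are hypothetical.

```python
import json

# Rules transcribed from the asb-auth ClusterRole shown in the message, written
# in the JSON shape that `-o json` would print (metadata trimmed).
ASB_AUTH = json.loads("""
{"kind": "ClusterRole", "metadata": {"name": "asb-auth"}, "rules": [
  {"apiGroups": [""], "resources": ["namespaces"], "verbs": ["create", "delete"]},
  {"apiGroups": ["authorization.openshift.io"], "resources": ["subjectrulesreview"], "verbs": ["create"]},
  {"apiGroups": ["authorization.k8s.io"], "resources": ["subjectaccessreviews"], "verbs": ["create"]},
  {"apiGroups": ["authentication.k8s.io"], "resources": ["tokenreviews"], "verbs": ["create"]}
]}
""")

# The rule Ryan asked to look for, copied from his reply.
NETPOL_RULE = {"apiGroups": ["networking.k8s.io", ""],
               "resources": ["networkpolicies"],
               "verbs": ["create", "delete"]}


def _covers(granted, wanted):
    """True if a rule field lists the wanted value or the RBAC wildcard '*'."""
    granted = granted or []
    return "*" in granted or wanted in granted


def rule_allows(rule, api_group, resource, verb):
    """Simplified match: ignores resourceNames, subresources, nonResourceURLs."""
    return (_covers(rule.get("apiGroups"), api_group)
            and _covers(rule.get("resources"), resource)
            and _covers(rule.get("verbs"), verb))


def role_allows(role, api_group, resource, verb):
    """True if any rule in the role grants the request."""
    return any(rule_allows(r, api_group, resource, verb)
               for r in role.get("rules") or [])


def missing_grants(role, wanted):
    """List every (apiGroup, resource, verb) in `wanted` that `role` lacks."""
    return [(g, r, v)
            for g in wanted["apiGroups"]
            for r in wanted["resources"]
            for v in wanted["verbs"]
            if not role_allows(role, g, r, v)]


if __name__ == "__main__":
    for group, resource, verb in missing_grants(ASB_AUTH, NETPOL_RULE):
        print(f"asb-auth lacks: {verb} {resource}.{group or 'core'}")
```

Run against the role as posted, it reports all four group/verb combinations of the networkpolicies rule as missing, which matches the "cannot create networkpolicies.networking.k8s.io" error in the broker log.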