[Ansible-service-broker] Can OAB be deployed on k8s ?

David Zager dzager at redhat.com
Thu Nov 8 16:30:32 UTC 2018 

It appears that the "latest" automation-broker-apb image is using a 3.10
broker image. That would cause the scenario you mention:

[2018-11-08T05:18:28.93Z] [DEBUG] - Creating k8s apiserver
[2018-11-08T05:18:28.932Z] [ERROR] - Unable to retrieve cluster roles rules
from cluster
 You must be using OpenShift 3.7 to use the User rules check.
clusterroles.rbac.authorization.k8s.io "admin" is forbidden: User
"system:serviceaccount:automation-broker:automation-broker" cannot get
clusterroles.rbac.authorization.k8s.io at the cluster scope

I will first verify that updating the images to the latest broker fixes the
issue, update the "latest" automation-broker-apb, and add a comment to the
blog post.

One caveat, it appears there are 251 bundles when the helm adapter is
enabled and looking at all of the stable helm charts. The startup sequence
for the broker will take some time and it may be better to:

   1. wait_for_broker: false
   2. broker_probe_initial_delay: 300

I'll be sure to add these notes in any comment/update I make to the blog
post.

On Thu, Nov 8, 2018 at 10:43 AM Shawn Hurley <shurley at redhat.com> wrote:

> Which version of the automation broker are you using and how are you
> deploying? I think you will probably want to look into either the 1.
> Auto Escalate config value or 2. The permissions of the
> automation-broker that you are granting
>
> Thanks,
>
> Shawn Hurley
> On Thu, Nov 8, 2018 at 1:10 AM Charles Moulliard <cmoullia at redhat.com>
> wrote:
> >
> > When the pod of OAB starts, then this error message appears
> >
> > [2018-11-08T05:18:28.93Z] [DEBUG] - Creating k8s apiserver
> > [2018-11-08T05:18:28.932Z] [ERROR] - Unable to retrieve cluster roles
> rules from cluster
> >  You must be using OpenShift 3.7 to use the User rules check.
> > clusterroles.rbac.authorization.k8s.io "admin" is forbidden: User
> "system:serviceaccount:automation-broker:automation-broker" cannot get
> clusterroles.rbac.authorization.k8s.io at the cluster scope
> >
> >
> >
> >
> > On Wed, Nov 7, 2018 at 10:19 PM Charles Moulliard <cmoullia at redhat.com>
> wrote:
> >>
> >> Hi
> >>
> >> I'm trying to install OAB on k8s v1.11 according to the info reported
> here [1] and that fails as the k8s service catalog can't access the broker
> [2]
> >>
> >> Can OAB be deployed on k8s ? Is there a workaround ?
> >>
> >> [1]
> https://blog.openshift.com/automation-broker-discovering-helm-charts/
> >> [2] https://goo.gl/8F3WxV
> >>
> >> Regards
> >>
> >> Charles
> >
> > _______________________________________________
> > Ansible-service-broker mailing list
> > Ansible-service-broker at redhat.com
> > https://www.redhat.com/mailman/listinfo/ansible-service-broker
>
> _______________________________________________
> Ansible-service-broker mailing list
> Ansible-service-broker at redhat.com
> https://www.redhat.com/mailman/listinfo/ansible-service-broker
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/ansible-service-broker/attachments/20181108/50ee5a67/attachment.htm>

More information about the Ansible-service-broker mailing list