<div dir="ltr">This is really strange as ServiceAccount has the right<div><br></div><div><div>oc adm policy who-can create networkpolicies</div><div>Namespace: ansible-service-broker</div><div>Verb:      create</div><div>Resource:  networkpolicies.extensions</div><div><br></div><div>Users:  admin</div><div>        system:admin</div><div>        system:serviceaccount:ansible-service-broker:asb</div><div>        system:serviceaccount:default:pvinstaller</div><div>        system:serviceaccount:openshift-infra:template-instance-controller</div><div><br></div><div>Groups: system:cluster-admins</div><div>        system:masters</div><div><br></div></div><div><br></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div style="color:rgb(0,0,0);font-family:overpass,sans-serif;font-size:10px"><p style="font-weight:bold;margin:0px;padding:0px;font-size:14px;text-transform:uppercase"><span>CHARLES</span> <span>MOULLIARD</span></p><p style="margin:0px 0px 4px;text-transform:uppercase"><span>SOFTWARE ENGINEER MANAGER SPRING(BOOT)</span></p><p style="margin:0px;color:rgb(153,153,153)"><a href="https://www.redhat.com/" style="color:rgb(0,136,206);margin:0px" target="_blank">Red Hat<span></span></a></p><p style="margin:0px 0px 6px;color:rgb(153,153,153)"><span style="margin:0px;padding:0px"><a href="mailto:cmoulliard@redhat.com" style="color:rgb(0,136,206);margin:0px" target="_blank">cmoulliard@redhat.com</a>   </span> <span>M: <a href="tel:+32-473-604014" style="color:rgb(0,136,206);font-size:11px;margin:0px" target="_blank">+32-473-604014</a>    </span></p><table border="0" style="font-size:medium"><tbody><tr><td width="100px"><a href="https://red.ht/sig" target="_blank"><img src="https://www.redhat.com/files/brand/email/sig-redhat.png" width="90" height="auto"></a></td></tr></tbody></table><div><div style="color:rgb(153,153,153)"><a href="https://twitter.com/cmoulliard" title="twitter" style="background:url("https://www.redhat.com/files/brand/email/sm-twitter.png") 0px 50%/16px no-repeat transparent;height:20px;color:rgb(119,119,119);display:inline-block;line-height:20px;padding-left:16px" target="_blank">@cmoulliard</a></div></div></div></div></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On Fri, Jan 26, 2018 at 1:28 PM, Charles Moulliard <span dir="ltr"><<a href="mailto:cmoullia@redhat.com" target="_blank">cmoullia@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">If I look to the log of the ASB pod, then I see such error when AS B tries to create the network resource within the "test" namespace<div><br></div><div><div>[2018-01-26T12:02:41.757Z] [DEBUG] - Creating network policy for pod: apb-36748357-1681-44b8-be32-<wbr>6e0cc12ec606 to grant network access to ns: test</div><div>[2018-01-26T12:02:41.758Z] [ERROR] - unable to create network policy object - User "system:serviceaccount:<wbr>ansible-service-broker:asb" cannot create <a href="http://networkpolicies.networking.k8s.io" target="_blank">networkpolicies.networking.<wbr>k8s.io</a> in the namespace "test": User "system:serviceaccount:<wbr>ansible-service-broker:asb" cannot create <a href="http://networkpolicies.networking.k8s.io" target="_blank">networkpolicies.networking.<wbr>k8s.io</a> in project "test" (post <a href="http://networkpolicies.networking.k8s.io" target="_blank">networkpolicies.networking.<wbr>k8s.io</a>)</div><div>[2018-01-26T12:02:41.758Z] [ERROR] - User "system:serviceaccount:<wbr>ansible-service-broker:asb" cannot create <a href="http://networkpolicies.networking.k8s.io" target="_blank">networkpolicies.networking.<wbr>k8s.io</a> in the namespace "test": User "system:serviceaccount:<wbr>ansible-service-broker:asb" cannot create <a href="http://networkpolicies.networking.k8s.io" target="_blank">networkpolicies.networking.<wbr>k8s.io</a> in project "test" (post <a href="http://networkpolicies.networking.k8s.io" target="_blank">networkpolicies.networking.<wbr>k8s.io</a>)</div><div>[2018-01-26T12:02:41.758Z] [ERROR] - Problem executing apb [apb-36748357-1681-44b8-be32-<wbr>6e0cc12ec606] provision - err: User "system:serviceaccount:<wbr>ansible-service-broker:asb" cannot create <a href="http://networkpolicies.networking.k8s.io" target="_blank">networkpolicies.networking.<wbr>k8s.io</a> in the namespace "test": User "system:serviceaccount:<wbr>ansible-service-broker:asb" cannot create <a href="http://networkpolicies.networking.k8s.io" target="_blank">networkpolicies.networking.<wbr>k8s.io</a> in project "test" (post <a href="http://networkpolicies.networking.k8s.io" target="_blank">networkpolicies.networking.<wbr>k8s.io</a>) </div></div><div><br></div><div>Is it the reason of my issue ? If yes, how can we resolve the problem ?</div><div><div class="h5"><div class="gmail_extra"><div><div class="m_-3571459421792461358gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div style="color:rgb(0,0,0);font-family:overpass,sans-serif;font-size:10px"><br></div></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On Fri, Jan 26, 2018 at 1:06 PM, Charles Moulliard <span dir="ltr"><<a href="mailto:cmoullia@redhat.com" target="_blank">cmoullia@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi,<div><br></div><div>I have used the Openshift UI screens to install under "test" namespace the MySQL service instance</div><div>and I get such errors if I look to the "events"</div><div><br></div><div><a href="https://www.dropbox.com/s/5cptnq47zf8rava/Screenshot%202018-01-26%2013.04.33.png?dl=0" target="_blank">https://www.dropbox.com/s/5cpt<wbr>nq47zf8rava/Screenshot%202018-<wbr>01-26%2013.04.33.png?dl=0</a></div><div><br></div><div>ServiceBinding cannot begin because referenced ServiceInstance "test/dh-mysql-apb-7wzcr" is not ready</div><div><span style="color:rgb(54,54,54);font-family:"Open Sans",Helvetica,Arial,sans-serif;font-size:13px">Provision call failed: Error occurred during provision. Please contact administrator if it persists.</span></div><div><font color="#363636" face="Open Sans, Helvetica, Arial, sans-serif"><br></font></div><div><font color="#363636" face="Open Sans, Helvetica, Arial, sans-serif">Project has been installed on OCP 3.7 with option --service-catalog</font></div><div><font color="#363636" face="Open Sans, Helvetica, Arial, sans-serif">and Ansible Broker using the following template</font></div><div><font color="#363636" face="Open Sans, Helvetica, Arial, sans-serif"><br></font></div><div><font color="#363636" face="Open Sans, Helvetica, Arial, sans-serif"><div>oc new-project ansible-service-broker</div><div>curl -s <a href="https://raw.githubusercontent.com/openshift/ansible-service-broker/master/templates/simple-broker-template.yaml" target="_blank">https://raw.githubusercontent.<wbr>com/openshift/ansible-service-<wbr>broker/master/templates/simple<wbr>-broker-template.yaml</a> | oc process -n "ansible-service-broker" -f - | oc create -f -</div><div><br></div></font></div><div><span style="color:rgb(54,54,54);font-family:"Open Sans",Helvetica,Arial,sans-serif;font-size:13px"></span><font color="#363636" face="Open Sans, Helvetica, Arial, sans-serif">How can I troubleshoot such errors ?</font></div><div><font color="#363636" face="Open Sans, Helvetica, Arial, sans-serif"><br></font></div><div><font color="#363636" face="Open Sans, Helvetica, Arial, sans-serif">Regards</font></div><span class="m_-3571459421792461358HOEnZb"><font color="#888888"><div><font color="#363636" face="Open Sans, Helvetica, Arial, sans-serif"><br></font></div><div><font color="#363636" face="Open Sans, Helvetica, Arial, sans-serif">Charles</font></div><div><br></div><div><div><div class="m_-3571459421792461358m_-7292922251477180618gmail_signature"><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div style="color:rgb(0,0,0);font-family:overpass,sans-serif;font-size:10px"><div></div></div></div></div></div></div></div></div></div></div>
</div></font></span></div>
</blockquote></div><br></div></div></div></div>
</blockquote></div><br></div>