awx-operator icon indicating copy to clipboard operation
awx-operator copied to clipboard

Published 20 hours ago • verified publisher icon ansible

aws operator 2.7.2 helm chart namespaced options?

Open ifelsefi opened this issue 7 months ago • 0 comments

Please confirm the following

  • [X] I agree to follow this project's code of conduct.
  • [X] I have checked the current issues for duplicates.
  • [X] I understand that the AWX Operator is open source software provided for free and that I might not receive a timely response.

Bug Summary

I am trying to deploy namespaced operator via helm chart but it keeps creating clusterroles, clusterrolebindings, etc, which we do not want.

Per #541 this should be possible:

This PR has been updated to move the awx-operator from a cluster-scoped operator to a namespace-scoped operator. At a high level this means only Roles for service accounts, no ClusterRoles, and it also means that operators & AWX deployments will have a 1-to-1 relationship.

Yet I cannot figure out the correct values.yaml.

AWX Operator version

2.7.2

AWX version

latest

Kubernetes platform

Rancher 2.7

Kubernetes/Platform version

1.24.10

Modifications

no

Steps to reproduce

wget https://github.com/ansible/awx-operator/releases/download/2.7.2/awx-operator-2.7.2.tgz

helm upgrade --install -v8 -n ti-ansible-awx ti-ansible-awx ./awx-operator-2.7.2.tgz -f myvalues.yaml

---
AWX:
  enabled: true
  spec:
    image_version: 2.7.2

Expected results

installs without need for clusterrolebindings

Actual results

creates clusterroles, clusterrolebinding, and fails:

I1108 12:44:03.813284   25185 request.go:1188] Response Body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"awxs.awx.ansible.com \"awx\" is forbidden: User \"u-ouq5l5qa3n\" cannot get resource \"awxs\" in API group \"awx.ansible.com\" in the namespace \"ti-ansible-awx\"","reason":"Forbidden","details":{"name":"awx","group":"awx.ansible.com","kind":"awxs"},"code":403}
Error: rendered manifests contain a resource that already exists. Unable to continue with install: could not get information about the resource AWX "awx" in namespace "ti-ansible-awx": awxs.awx.ansible.com "awx" is forbidden: User "u-ouq5l5qa3n" cannot get resource "awxs" in API group "awx.ansible.com" in the namespace "ti-ansible-awx"

Additional information

Operator Logs

No response

ifelsefi avatar Nov 08 '23 19:11 ifelsefi