
Cannot set blockOwnerDeletion

Open cyberox opened this issue 2 years ago • 6 comments

Describe the bug

I would like to run moco on our OpenShift cluster. The operator is installed correctly. But during the creation of a MySQLCluster resource, I receive the following error:

LAST SEEN   TYPE      REASON         OBJECT                         MESSAGE
4s          Normal    NoPods         poddisruptionbudget/moco-ngw   No matching pods found
2s          Warning   FailedCreate   statefulset/moco-ngw           create Claim mysql-data-moco-ngw-0 for Pod moco-ngw-0 in StatefulSet moco-ngw failed error: persistentvolumeclaims "mysql-data-moco-ngw-0" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: , <nil>
2s          Warning   FailedCreate   statefulset/moco-ngw           create Pod moco-ngw-0 in StatefulSet moco-ngw failed error: failed to create PVC mysql-data-moco-ngw-0: persistentvolumeclaims "mysql-data-moco-ngw-0" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: , <nil>

Environments

  • Version: OpenShift 4.9
  • OS: CoreOS

To Reproduce

Deploy the minimal cluster resource on the OpenShift cluster.

Expected behavior

PVCs are created correctly.

Additional context

This is a security enhancement in OpenShift, and is discussed in this BugZilla. This could be resolved by extending the ClusterRole resources with additional /finalizers, but I need some help with this.

cyberox avatar Mar 10 '22 15:03 cyberox

Thank you for the report. We also do not have experience with OpenShift, so we need help.

ymmt2005 avatar Mar 10 '22 15:03 ymmt2005

@cyberox We do not have an OpenShift environment. So could you try the following configuration in your environment?

kubectl edit clusterrole moco-manager-role

Please add the following rule in moco-manager-role:

- apiGroups:
  - ""
  resources:
  - persistentvolumeclaims/finalizers
  verbs:
  - update

If it works, we will add this configuration to our helm chart.

zoetrope avatar Mar 11 '22 01:03 zoetrope

Thank you for the suggestion. I applied it to the clusterrole, and redeployed the MySQLCluster resource. I'm receiving the same error when creating the statefulset.

cyberox avatar Mar 11 '22 04:03 cyberox

Please add the following rule as well.

- apiGroups:
  - apps
  resources:
  - statefulsets/finalizer
  verbs:
  - update

zoetrope avatar Mar 11 '22 05:03 zoetrope
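
Added example, not code from the MOCO project or from any commenter: the admission check behind this error requires `update` on the `finalizers` subresource of the owner named in the PVC's ownerReference. The Python sketch below models RBAC resource matching in simplified form (resourceNames ignored) and evaluates the two rules as posted in this thread; the function names and the candidate owner list are assumptions for illustration.

```python
# Added example: simplified model of Kubernetes RBAC rule matching, used to
# test whether a role grants "update" on an owner's finalizers subresource.
# Assumption: resourceNames and nonResourceURLs are ignored.

def resource_matches(rule_resources, resource, subresource):
    """RBAC matches '*', the exact 'resource/sub' string, or '*/sub'."""
    combined = f"{resource}/{subresource}" if subresource else resource
    for entry in rule_resources:
        if entry == "*" or entry == combined:
            return True
        if subresource and entry == f"*/{subresource}":
            return True
    return False

def rule_allows(rule, api_group, resource, subresource, verb):
    """True if one PolicyRule covers the group, verb and resource."""
    groups = rule.get("apiGroups", [])
    verbs = rule.get("verbs", [])
    return (("*" in groups or api_group in groups)
            and ("*" in verbs or verb in verbs)
            and resource_matches(rule.get("resources", []), resource, subresource))

def can_set_block_owner_deletion(rules, owner_group, owner_resource):
    """True if any rule grants update on <owner_resource>/finalizers."""
    return any(rule_allows(r, owner_group, owner_resource, "finalizers", "update")
               for r in rules)

# The two rules exactly as posted in this thread.
THREAD_RULES = [
    {"apiGroups": [""], "resources": ["persistentvolumeclaims/finalizers"],
     "verbs": ["update"]},
    {"apiGroups": ["apps"], "resources": ["statefulsets/finalizer"],
     "verbs": ["update"]},
]

# Candidate owner kinds (constructed; the error message does not name the owner).
CANDIDATE_OWNERS = [("", "persistentvolumeclaims"), ("apps", "statefulsets")]

def report(rules, owners):
    """Map each candidate owner to whether its finalizers can be updated."""
    return {f"{g or 'core'}/{r}": can_set_block_owner_deletion(rules, g, r)
            for g, r in owners}

if __name__ == "__main__":
    for owner, ok in report(THREAD_RULES, CANDIDATE_OWNERS).items():
        print(f"{owner}/finalizers update allowed: {ok}")
```

RBAC compares resource names as exact strings, so the second rule as posted (`statefulsets/finalizer`) does not grant the `statefulsets/finalizers` subresource.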

I also added that to the clusterrole, but unfortunately it is not working.

cyberox avatar Mar 11 '22 06:03 cyberox

I will try the OpenShift free trial or Minishift. Please wait a while.

zoetrope avatar Mar 15 '22 09:03 zoetrope