milvus-operator icon indicating copy to clipboard operation
milvus-operator copied to clipboard

Published 20 hours ago verified publisher icon zilliztech

Failed to create resource due to perms cluster-pulsar

Open webcoderz opened this issue 1 year ago • 3 comments
trafficstars

controller.helm warning: Upgrade "cluster-pulsar" failed: failed to create resource: clusterroles.rbac.authorization.k8s.io "cluster-pulsar-prometheus" is forbidden: user "system:serviceaccount:milvus-cluster-operator:milvus-operator" (groups=["system:serviceaccounts" "system:serviceaccounts:milvus-cluster-operator" "system:authenticated"]) is attempting to grant RBAC permissions not currently held: {APIGroups:[""], Resources:["endpoints"], Verbs:["get" "list" "watch"]} {APIGroups:[""], Resources:["nodes"], Verbs:["get" "list" "watch"]} {APIGroups:[""], Resources:["nodes/proxy"], Verbs:["get" "list" "watch"]} {NonResourceURLs:["/metrics"], Verbs:["get"]}

When trying to install the Milvus cluster

webcoderz avatar Jan 06 '24 01:01 webcoderz

Fixed with this


apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: milvus-operator-additional
rules:
- apiGroups: [""]
  resources: ["endpoints", "nodes", "nodes/proxy"]
  verbs: ["get", "list", "watch"]
- nonResourceURLs: ["/metrics"]
  verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: milvus-operator-additional-binding
subjects:
- kind: ServiceAccount
  name: milvus-operator
  namespace: milvus-cluster-operator
roleRef:
  kind: ClusterRole
  name: milvus-operator-additional
  apiGroup: rbac.authorization.k8s.io

webcoderz avatar Jan 06 '24 02:01 webcoderz

hi @webcoderz, thank you for the feedback! Could you also provide your Milvus CR manifest for our further investigation?

haorenfsa avatar Jan 07 '24 04:01 haorenfsa

Yea will send over in the morning

webcoderz avatar Jan 11 '24 00:01 webcoderz