Description of problem: I attempted to create a binding from postgres-apb to mediawiki-apb. After the Secret was created, Service Catalog failed to create the podpresets From 'controller-manager' Error injecting binding results for Binding "demo/postgresql-apb-399c3-jmcmw": User "system:serviceaccount:kube-service-catalog:service-catalog-controller" cannot create podpresets.settings.k8s.io in project "demo" I suspect this is a bug with the installer not configuring PodPresets Version-Release number of selected component (if applicable): Running puddle 3.6.152 Installed using openshift-ansible From Service Catalog controller-manager pod I0717 14:39:21.869689 1 controller_binding.go:89] Processing Binding demo/postgresql-apb-399c3-jmcmw I0717 14:39:21.869760 1 controller.go:341] Creating client for Broker ansible-service-broker, URL: http://asb.openshift-ansible-service-broker.svc:1338 I0717 14:39:21.869795 1 controller_binding.go:159] Adding/Updating Binding demo/postgresql-apb-399c3-jmcmw I0717 14:39:21.877471 1 open_service_broker_client.go:247] Doing a request to: http://asb.openshift-ansible-service-broker.svc:1338/v2/service_instances/084a93c2-6105-457c-827f-11a94d7df302/service_bindings/c2287904-30a0-4a25-8852-51abe19637ef I0717 14:39:21.890527 1 utils.go:67] { "credentials": { "POSTGRESQL_DATABASE": "admin", "POSTGRESQL_HOST": "postgresql", "POSTGRESQL_PASSWORD": "admin", "POSTGRESQL_PORT": "5432", "POSTGRESQL_USER": "admin" } } I0717 14:39:21.890675 1 controller_binding.go:336] Creating Secret demo/postgresql-apb-399c3-t3idc W0717 14:39:21.909202 1 controller_binding.go:231] Error injecting binding results for Binding "demo/postgresql-apb-399c3-jmcmw": User "system:serviceaccount:kube-service-catalog:service-catalog-controller" cannot create podpresets.settings.k8s.io in project "demo" I0717 14:39:21.909271 1 controller_binding.go:440] Setting lastTransitionTime for Binding "demo/postgresql-apb-399c3-jmcmw" condition "Ready" to 2017-07-17 14:39:21.909248119 +0000 UTC I0717 14:39:21.909319 1 controller_binding.go:461] Updating Ready condition for Binding demo/postgresql-apb-399c3-jmcmw to False (Reason: "ErrorInjectingBindResult", Message: "Error injecting bind result Error injecting binding results for Binding \"demo/postgresql-apb-399c3-jmcmw\": User \"system:serviceaccount:kube-service-catalog:service-catalog-controller\" cannot create podpresets.settings.k8s.io in project \"demo\"") I0717 14:39:21.920752 1 controller.go:195] Error syncing Binding demo/postgresql-apb-399c3-jmcmw: User "system:serviceaccount:kube-service-catalog:service-catalog-controller" cannot create podpresets.settings.k8s.io in project "demo" I0717 14:39:21.921503 1 event.go:217] Event(v1.ObjectReference{Kind:"Binding", Namespace:"demo", Name:"postgresql-apb-399c3-jmcmw", UID:"b8be8535-6afd-11e7-8b5a-0a580a800007", APIVersion:"servicecatalog.k8s.io", ResourceVersion:"3482", FieldPath:""}): type: 'Warning' reason: 'ErrorInjectingBindResult' Error injecting binding results for Binding "demo/postgresql-apb-399c3-jmcmw": User "system:serviceaccount:kube-service-catalog:service-catalog-controller" cannot create podpresets.settings.k8s.io in project "demo" Description of problem: Version-Release number of the following components: rpm -q openshift-ansible rpm -q ansible ansible --version How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Please include the entire output from the last TASK line through the end of output if an error is generated Expected results: Additional info: Please attach logs from ansible-playbook with the -vvv flag
Please see comment: https://bugzilla.redhat.com/show_bug.cgi?id=1469986#c8
Created attachment 1304626 [details] binding successfully verify on openshift v3.6.170 kubernetes v1.6.1+5115d708d7 etcd 3.2.1 After bindings, I can create podpreset successfully. [root@host-8-175-47 ~]# oc get podpreset -n dma1 NAME AGE postgresql-apb-5xphm-lmesf 2h
I saw some error in service-catalog controller-manager log 1) can't delete secret and podpresets.settings.k8s.io I0726 08:22:57.957331 1 controller_binding.go:400] Deleting PodPreset dma1/postgresql-apb-5xphm-lmesf W0726 08:22:57.961271 1 controller_binding.go:268] Error deleting secret: User "system:serviceaccount:kube-service-catalog:service-catalog-controller" cannot delete podpresets.settings.k8s.io in project "dma1" I0726 08:22:57.961290 1 controller_binding.go:447] Found status change for Binding "dma1/postgresql-apb-5xphm-gv5s4" condition "Ready": "True" -> "Unknown"; setting lastTransitionTime to 2017-07-26 08:22:57.961286317 +0000 UTC I0726 08:22:57.961307 1 controller_binding.go:461] Updating Ready condition for Binding dma1/postgresql-apb-5xphm-gv5s4 to Unknown (Reason: "ErrorEjectingBinding", Message: "Error ejecting binding.Error deleting secret: User \"system:serviceaccount:kube-service-catalog:service-catalog-controller\" cannot delete podpresets.settings.k8s.io in project \"dma1\"") I0726 08:31:06.977898 1 controller.go:195] Error syncing Binding dma1/postgresql-apb-5xphm-gv5s4: User "system:serviceaccount:kube-service-catalog:service-catalog-controller" cannot delete podpresets.settings.k8s.io in project "dma1" I0726 08:31:06.978206 1 event.go:217] Event(v1.ObjectReference{Kind:"Binding", Namespace:"dma1", Name:"postgresql-apb-5xphm-gv5s4", UID:"990f157f-71c7-11e7-aff0-0a580a800002", APIVersion:"servicecatalog.k8s.io", ResourceVersion:"21586", FieldPath:""}): type: 'Warning' reason: 'ErrorEjectingBinding' Error ejecting binding. Error deleting secret: User "system:serviceaccount:kube-service-catalog:service-catalog-controller" cannot delete podpresets.settings.k8s.io in project "dma1" 2) can't get instance E0726 08:26:06.581465 1 controller_instance.go:543] Error getting Instance / to finalize: User "system:serviceaccount:kube-service-catalog:service-catalog-controller" cannot get instances.servicecatalog.k8s.io in project "xp-26"
https://github.com/openshift/openshift-ansible/pull/4877
Additional changes in openshift-ansible-3.6.172
Verify on openshift-ansible-3.6.172.0.0-1.git.0.d90ca2b.el7.noarch.rpm After deprovision, there is no this error in controller-manager.log
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2017:1716