1683701 – Clusterlogging is created but deployments not created: "system:serviceaccount:openshift-operators:cluster-logging-operator" cannot list resource "clusterloggings"

Bug 1683701 - Clusterlogging is created but deployments not created: "system:serviceaccount:openshift-operators:cluster-logging-operator" cannot list resource "clusterloggings"

Summary: Clusterlogging is created but deployments not created: "system:serviceaccoun...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Logging
Sub Component:
Version:	4.1.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	urgent
Severity:	urgent
Target Milestone:	---
Target Release:	4.1.0
Assignee:	Jeff Cantrill
QA Contact:	Anping Li
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2019-02-27 15:31 UTC by Mike Fiedler
Modified:	2019-06-04 10:44 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-06-04 10:44:39 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
cluster logging install plan (33.18 KB, text/plain) 2019-02-27 16:40 UTC, Mike Fiedler	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2019:0758	0	None	None	None	2019-06-04 10:44:45 UTC

Description Mike Fiedler 2019-02-27 15:31:40 UTC

Description of problem:

1.  From the OCP web console, deploy the cluster logging community operator
2.  From the OCP web console, create a clusterlogging instance in the openshift-logging namespace with the following yaml:

apiVersion: logging.openshift.io/v1alpha1
kind: ClusterLogging
metadata:
  name: instance
  namespace: openshfit-logging
spec:
  managementState: Managed
  logStore:
    type: elasticsearch
    elasticsearch:
      nodeCount: 3
      redundancyPolicy: SingleRedundancy
      storage:
        storageClassName: gp2
        size: 200G
  visualization:
    type: kibana
    kibana:
      replicas: 1
  curation:
    type: curator
    curator:
      schedule: 30 3 * * *
  collection:
    logs:
      type: fluentd
      fluentd: {}

3.  The clusterlogging cr named instance is created in the openshift-logging namespace, but the clusterlogging-operator pod logs are full of the following error message:

ERROR: logging before flag.Parse: E0227 15:27:13.952660       1 reflector.go:205] github.com/operator-framework/operator-sdk/pkg/sdk/informer.go:91: Failed to list *unstructured.Unstructured: clusterloggings.logging.openshift.io is forbidden: User "system:serviceaccount:openshift-operators:cluster-logging-operator" cannot list resource "clusterloggings" in API group "logging.openshift.io" at the cluster scope

Version-Release number of selected component (if applicable): 4.0.0-0.nightly-2019-02-27-074704


How reproducible: Always

Comment 1 ewolinet 2019-02-27 15:59:13 UTC

How are you installing the operator? 
It seems like you are missing the clusterloggings CRD from your system. `$ oc get crds`

Comment 2 Mike Fiedler 2019-02-27 16:22:14 UTC

# oc get crd | egrep "clusterlogging|elastic"
clusterloggings.logging.openshift.io                                     2019-02-27T13:44:51Z
elasticsearches.logging.openshift.io                                     2019-02-27T13:44:51Z


The clusterlogging CR gets created ok:



 # oc get clusterlogging -o wide -n openshift-logging
NAME       AGE
instance   132m


Installing  the operator like this:

1. login in to the console
2. Click Catalogs -> OperatorHub
3. Click Community Operators
4. Click Cluster Logging
5. Click Install

Comment 3 Mike Fiedler 2019-02-27 16:40:50 UTC

Created attachment 1539200 [details]
cluster logging install plan

Comment 4 Jeff Cantrill 2019-02-28 16:32:46 UTC

Believe this will be resolved by https://github.com/operator-framework/community-operators/pull/85

Comment 5 Qiaoling Tang 2019-03-06 01:21:03 UTC

Verified in 4.0.0-0.nightly-2019-03-05-065158.

Comment 8 errata-xmlrpc 2019-06-04 10:44:39 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0758

Note You need to log in before you can comment on or make changes to this bug.