Bug 1683701 - Clusterlogging is created but deployments not created: "system:serviceaccount:openshift-operators:cluster-logging-operator" cannot list resource "clusterloggings"
Summary: Clusterlogging is created but deployments not created: "system:serviceaccoun...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Logging
Version: 4.1.0
Hardware: Unspecified
OS: Unspecified
urgent
urgent
Target Milestone: ---
: 4.1.0
Assignee: Jeff Cantrill
QA Contact: Anping Li
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-02-27 15:31 UTC by Mike Fiedler
Modified: 2019-06-04 10:44 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-04 10:44:39 UTC
Target Upstream Version:


Attachments (Terms of Use)
cluster logging install plan (33.18 KB, text/plain)
2019-02-27 16:40 UTC, Mike Fiedler
no flags Details


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2019:0758 None None None 2019-06-04 10:44:45 UTC

Description Mike Fiedler 2019-02-27 15:31:40 UTC
Description of problem:

1.  From the OCP web console, deploy the cluster logging community operator
2.  From the OCP web console, create a clusterlogging instance in the openshift-logging namespace with the following yaml:

apiVersion: logging.openshift.io/v1alpha1
kind: ClusterLogging
metadata:
  name: instance
  namespace: openshfit-logging
spec:
  managementState: Managed
  logStore:
    type: elasticsearch
    elasticsearch:
      nodeCount: 3
      redundancyPolicy: SingleRedundancy
      storage:
        storageClassName: gp2
        size: 200G
  visualization:
    type: kibana
    kibana:
      replicas: 1
  curation:
    type: curator
    curator:
      schedule: 30 3 * * *
  collection:
    logs:
      type: fluentd
      fluentd: {}

3.  The clusterlogging cr named instance is created in the openshift-logging namespace, but the clusterlogging-operator pod logs are full of the following error message:

ERROR: logging before flag.Parse: E0227 15:27:13.952660       1 reflector.go:205] github.com/operator-framework/operator-sdk/pkg/sdk/informer.go:91: Failed to list *unstructured.Unstructured: clusterloggings.logging.openshift.io is forbidden: User "system:serviceaccount:openshift-operators:cluster-logging-operator" cannot list resource "clusterloggings" in API group "logging.openshift.io" at the cluster scope

Version-Release number of selected component (if applicable): 4.0.0-0.nightly-2019-02-27-074704


How reproducible: Always

Comment 1 ewolinet 2019-02-27 15:59:13 UTC
How are you installing the operator? 
It seems like you are missing the clusterloggings CRD from your system. `$ oc get crds`

Comment 2 Mike Fiedler 2019-02-27 16:22:14 UTC
# oc get crd | egrep "clusterlogging|elastic"
clusterloggings.logging.openshift.io                                     2019-02-27T13:44:51Z
elasticsearches.logging.openshift.io                                     2019-02-27T13:44:51Z


The clusterlogging CR gets created ok:



 # oc get clusterlogging -o wide -n openshift-logging
NAME       AGE
instance   132m


Installing  the operator like this:

1. login in to the console
2. Click Catalogs -> OperatorHub
3. Click Community Operators
4. Click Cluster Logging
5. Click Install

Comment 3 Mike Fiedler 2019-02-27 16:40:50 UTC
Created attachment 1539200 [details]
cluster logging install plan

Comment 4 Jeff Cantrill 2019-02-28 16:32:46 UTC
Believe this will be resolved by https://github.com/operator-framework/community-operators/pull/85

Comment 5 Qiaoling Tang 2019-03-06 01:21:03 UTC
Verified in 4.0.0-0.nightly-2019-03-05-065158.

Comment 8 errata-xmlrpc 2019-06-04 10:44:39 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0758


Note You need to log in before you can comment on or make changes to this bug.