Description of problem: After creating a Helm Base Operator following https://sdk.operatorframework.io/docs/building-operators/helm/quickstart/, the Custom Resource creation fails due to service account permission issues. Seems to be related with https://github.com/operator-framework/operator-sdk/issues/3767 kubectl get Nginx nginx-sample -o yaml status: conditions: - lastTransitionTime: "2020-08-26T21:17:51Z" status: "True" type: Initialized - lastTransitionTime: "2020-08-26T21:17:56Z" message: 'failed to install release: serviceaccounts "nginx-sample" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can''t set finalizers on: , <nil>' reason: InstallError status: "True" type: ReleaseFailed Version-Release number of selected component (if applicable): operator-sdk version operator-sdk version: "v1.0.0", commit: "d7d5e0cd6cf5468bb66e0849f08fda5bf557f4fa", kubernetes version: "v1.18.2", go version: "go1.13.11 linux/amd64", GOOS: "linux", GOARCH: "amd6 OCP: 4.6.0-0.nightly-2020-08-26-152137 How reproducible: Always Steps to Reproduce: 1. Follow https://sdk.operatorframework.io/docs/building-operators/helm/quickstart/ documentation Actual results: Fail to create CR from generated Helm Base Operator Expected results: Should be able to create the Custom Resource Additional info:
Confirmed. This is a regression in 1.0.0, so it does not affect the downstream OpenShift 4.6 delivery which will be aligned with Operator SDK 0.19. The PR containing the fix is: https://github.com/operator-framework/operator-sdk/pull/3779
Fixed by operator-sdk v1.2.0 the PR attached is the downstreaming of v1.2.0
Verified. $ operator-sdk version operator-sdk version: "v1.2.0-39-g71ec07fd", commit: "71ec07fd5b3e112ab4110e90d77f9956813127c4", kubernetes version: "v1.19.4", go version: "go1.14.2", GOOS: "linux", GOARCH: "amd64" clusterversion:4.7.0-0.nightly-2020-12-17-201522 Follow https://sdk.operatorframework.io/docs/building-operators/helm/quickstart/ documentation create CR:pod,service,deployment,replicaset from generated Helm Base Operator $ oc get all -l "app.kubernetes.io/instance=nginx-sample" NAME READY STATUS RESTARTS AGE pod/nginx-sample-646f977b4f-dkbhr 0/1 CrashLoopBackOff 1 19s NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/nginx-sample ClusterIP 172.30.222.205 <none> 80/TCP 19s NAME READY UP-TO-DATE AVAILABLE AGE deployment.apps/nginx-sample 0/1 1 0 20s NAME DESIRED CURRENT READY AGE replicaset.apps/nginx-sample-646f977b4f 1 1 0 20s
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:5633