Description of problem (please be as detailed as possible and provide log snippets):
OCS deployed via the operator on OCP 4.6 was unable to create ObjectBucketClaims due to permission issues. New OBCs would stay in a pending state indefinitely. While troubleshooting, I found that running `nooba-operator` status and list commands from the nooba-operator pod returns permission errors.

Testing:
Run commands from terminal
    oc -n openshift-storage exec -it noobaa-operator-<ID> -- sh
    noobaa-operator status
    noobaa-operator bucket list
    noobaa-operator obc list

Expected Results
No errors in stdout

Actual Results
Stdout partially returns the result and finishes at a ‘panic’ due to Forbidden permission denied. I no longer have access to the environment where this issue occurred.

Version of all relevant components (if applicable):
Nooba

Does this issue impact your ability to continue to work with the product (please explain in detail what is the user impact)?
Yes, unable to use Object bucket functionality in RHCOS

Is there any workaround available to the best of your knowledge?
I was able to resolve the issue by changing `subjects[0].namespace` from 'nooba' to 'openshift-storage' in the `noobaa.noobaa.io` cluster role binding.

Rate from 1 - 5 the complexity of the scenario you performed that caused this bug (1 - very simple, 5 - very complex)?
1

Is this issue reproducible?
Yes

Can this issue reproduce from the UI?
Yes - Create an OBC

If this is a regression, please provide more details to justify this:

Steps to Reproduce:
1. Deploy OBS on OCP 4.6 and configure for bucket storage
2. Create new OBC in a non openshift-storage namespace
3.

Actual results:
OBC stays in a pending state.

Expected results:
OBC, OB and Secret are created in specified namespace

Additional info:
What platform is it? AWS/vSphere or any other? Can you please provide the must gather logs? Thanks
This was on a vSphere platform. I'm not able to gather logs as I cannot access the environment anymore
If it's reproducible can you please reproduce and collect and attach the must gather logs? I think that without this no one will actually know what is happening on your cluster. I don't remember we hit such issues in our regression runs for OCS 4.6 so curious what can be the case here. Thanks
Fair points on not being able to provide logs. I'm going to close the ticket as I cannot access the environment anymore.
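The workaround in the report points at a ClusterRoleBinding whose ServiceAccount subject named a namespace where the account did not exist. The check below is an added example, not part of the original thread or of the product: it scans exported bindings for such dangling subjects. The service account name `noobaa`, the second binding and the sample data are assumptions constructed for illustration.

```python
import json

# Constructed sample in the shape of `oc get clusterrolebinding -o json`.
# Binding name and both namespaces are from the report; the service account
# name "noobaa" and the second binding are assumptions for illustration.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "noobaa.noobaa.io"},
   "subjects": [{"kind": "ServiceAccount", "name": "noobaa", "namespace": "nooba"}]},
  {"metadata": {"name": "example-ok-binding"},
   "subjects": [{"kind": "ServiceAccount", "name": "noobaa", "namespace": "openshift-storage"},
                {"kind": "Group", "name": "system:authenticated"}]}
]}
""")

# Constructed: (namespace, name) pairs as listed by
# `oc get serviceaccounts --all-namespaces -o json`.
EXISTING = {("openshift-storage", "noobaa")}


def dangling_subjects(bindings, existing):
    """Find ServiceAccount subjects that do not resolve to a real account."""
    namespaces_by_name = {}
    for namespace, name in existing:
        namespaces_by_name.setdefault(name, []).append(namespace)

    findings = []
    for item in bindings.get("items", []):
        # `subjects` may be absent or null on a binding with no subjects.
        for index, subject in enumerate(item.get("subjects") or []):
            if subject.get("kind") != "ServiceAccount":
                continue  # User and Group subjects are not namespaced objects
            key = (subject.get("namespace"), subject.get("name"))
            if key in existing:
                continue
            findings.append({
                "binding": item["metadata"]["name"],
                "field": f"subjects[{index}].namespace",
                "bound_namespace": subject.get("namespace"),
                # Namespaces where an account of that name does exist.
                "candidates": sorted(namespaces_by_name.get(subject.get("name"), [])),
            })
    return findings


if __name__ == "__main__":
    for finding in dangling_subjects(SAMPLE, EXISTING):
        print(finding)
```

A finding with a non-empty `candidates` list matches the situation described in the workaround: the role is bound, but to an account in the wrong namespace, so the operator's real account gets Forbidden responses.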