Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

help,help,help v1.18.0 I get error buildermgr , envwatcher not get watcher to create env by controller #2934

Open
bigbird-0101 opened this issue May 9, 2024 · 0 comments
Open

help,help,help v1.18.0 I get error buildermgr , envwatcher not get watcher to create env by controller #2934

bigbird-0101 opened this issue May 9, 2024 · 0 comments
Labels
area-environment help wanted

Comments

@bigbird-0101
Copy link

bigbird-0101 commented May 9, 2024
edited

v1.18.0 I get error buildermgr , envwatcher not get watcher to create env by controller ,what can i do?
I found that all serivceaccounts in v1.18.0 had no ClusterRole, so I opened the Controller
When I created an env by controller, I found that Buildermgr didn't get a watch
this is my add ClusterRole

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: fission-v1-18-0-fission-cr-admin
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  - pods
  - secrets
  - services
  - serviceaccounts
  - replicationcontrollers
  - namespaces
  - events
  verbs:
  - create
  - delete
  - get
  - list
  - watch
  - patch
- apiGroups:
  - apps
  resources:
  - deployments
  - deployments/scale
  - replicasets
  verbs:
  - '*'
- apiGroups:
  - batch
  resources:
  - jobs
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - networking.k8s.io
  resources:
  - ingresses
  verbs:
  - '*'
- apiGroups:
  - apiextensions.k8s.io
  resources:
  - customresourcedefinitions
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - fission.io
  resources:
  - canaryconfigs
  - environments
  - functions
  - httptriggers
  - kuberneteswatchtriggers
  - messagequeuetriggers
  - packages
  - timetriggers
  verbs:
  - '*'
- apiGroups:
  - autoscaling
  resources:
  - horizontalpodautoscalers
  verbs:
  - '*'
- apiGroups:
  - rbac.authorization.k8s.io
  resources:
  - rolebindings
  verbs:
  - '*'
- apiGroups:
  - rbac.authorization.k8s.io
  resources:
  - clusterroles
  verbs:
  - bind
- apiGroups:
  - keda.sh
  resources:
  - scaledjobs
  - scaledobjects
  - scaledjobs/finalizers
  - scaledjobs/status
  - triggerauthentications
  - triggerauthentications/status
  verbs:
  - '*'
- apiGroups:
  - keda.k8s.io
  resources:
  - scaledjobs
  - scaledobjects
  - scaledjobs/finalizers
  - scaledjobs/status
  - triggerauthentications
  - triggerauthentications/status
  verbs:
  - '*'
- apiGroups:
  - metrics.k8s.io
  resources:
  - pods
  verbs:
  - get
  - list
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: fission-v1-18-0-fission-controller-cr-admin
subjects:
  - kind: ServiceAccount
    name: fission-controller
    namespace: fission
roleRef:
  kind: ClusterRole
  name: fission-v1-18-0-fission-cr-admin
  apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: fission-v1-18-0-fission-buildermgr-cr-admin
subjects:
  - kind: ServiceAccount
    name: fission-buildermgr
    namespace: fission
roleRef:
  kind: ClusterRole
  name: fission-v1-18-0-fission-cr-admin
  apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: fission-v1-18-0-fission-executor-cr-admin
subjects:
  - kind: ServiceAccount
    name: fission-executor
    namespace: fission
roleRef:
  kind: ClusterRole
  name: fission-v1-18-0-fission-cr-admin
  apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: fission-v1-18-0-fission-fluentbit-cr-admin
subjects:
  - kind: ServiceAccount
    name: fission-fluentbit
    namespace: fission
roleRef:
  kind: ClusterRole
  name: fission-v1-18-0-fission-cr-admin
  apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: fission-v1-18-0-fission-kafka-cr-admin
subjects:
  - kind: ServiceAccount
    name: fission-kafka
    namespace: fission
roleRef:
  kind: ClusterRole
  name: fission-v1-18-0-fission-cr-admin
  apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: fission-v1-18-0-fission-keda-cr-admin
subjects:
  - kind: ServiceAccount
    name: fission-keda
    namespace: fission
roleRef:
  kind: ClusterRole
  name: fission-v1-18-0-fission-cr-admin
  apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: fission-v1-18-0-fission-kubewatcher-cr-admin
subjects:
  - kind: ServiceAccount
    name: fission-kubewatcher
    namespace: fission
roleRef:
  kind: ClusterRole
  name: fission-v1-18-0-fission-cr-admin
  apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: fission-v1-18-0-fission-router-cr-admin
subjects:
  - kind: ServiceAccount
    name: fission-router
    namespace: fission
roleRef:
  kind: ClusterRole
  name: fission-v1-18-0-fission-cr-admin
  apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: fission-v1-18-0-fission-storagesvc-cr-admin
subjects:
  - kind: ServiceAccount
    name: fission-storagesvc
    namespace: fission
roleRef:
  kind: ClusterRole
  name: fission-v1-18-0-fission-cr-admin
  apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: fission-v1-18-0-fission-timer-cr-admin
subjects:
  - kind: ServiceAccount
    name: fission-timer
    namespace: fission
roleRef:
  kind: ClusterRole
  name: fission-v1-18-0-fission-cr-admin
  apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: fission-v1-18-0-fission-webhook-cr-admin
subjects:
  - kind: ServiceAccount
    name: fission-webhook
    namespace: fission
roleRef:
  kind: ClusterRole
  name: fission-v1-18-0-fission-cr-admin
  apiGroup: rbac.authorization.k8s.io
---

this is my buildermgr deployment

kind: Deployment
apiVersion: apps/v1
metadata:
  name: buildermgr
  namespace: fission
  labels:
    app.kubernetes.io/managed-by: Helm
    chart: fission-all-v1.18.0
    svc: buildermgr
  annotations:
    deployment.kubernetes.io/revision: '4'
    meta.helm.sh/release-name: fission
    meta.helm.sh/release-namespace: fission
spec:
  replicas: 1
  selector:
    matchLabels:
      svc: buildermgr
  template:
    metadata:
      creationTimestamp: null
      labels:
        svc: buildermgr
      annotations:
        prometheus.io/path: /metrics
        prometheus.io/port: '8080'
        prometheus.io/scrape: 'true'
    spec:
      volumes:
        - name: builder-podspec-patch-volume
          configMap:
            name: builder-podspec-patch
            defaultMode: 420
      containers:
        - name: buildermgr
          image: 'index.docker.io/fission/fission-bundle:v1.18.0'
          command:
            - /fission-bundle
          args:
            - '--builderMgr'
            - '--storageSvcUrl'
            - 'http://storagesvc.fission'
          ports:
            - name: metrics
              containerPort: 8080
              protocol: TCP
          env:
            - name: FETCHER_IMAGE
              value: 'fission/fetcher:v1.18.0'
            - name: FETCHER_IMAGE_PULL_POLICY
              value: IfNotPresent
            - name: BUILDER_IMAGE_PULL_POLICY
              value: IfNotPresent
            - name: FISSION_BUILDER_NAMESPACE
              value: fission-builder
            - name: FISSION_FUNCTION_NAMESPACE
              value: fission-function
            - name: FISSION_DEFAULT_NAMESPACE
              value: default
            - name: ENABLE_ISTIO
              value: 'false'
            - name: FETCHER_MINCPU
              value: 10m
            - name: FETCHER_MINMEM
              value: 16Mi
            - name: FETCHER_MAXCPU
            - name: FETCHER_MAXMEM
            - name: DEBUG_ENV
              value: 'false'
            - name: PPROF_ENABLED
              value: 'false'
            - name: HELM_RELEASE_NAME
              value: fission
            - name: FISSION_RESOURCE_NAMESPACES
              value: default
            - name: OTEL_EXPORTER_OTLP_ENDPOINT
            - name: OTEL_EXPORTER_OTLP_INSECURE
              value: 'true'
            - name: OTEL_TRACES_SAMPLER
              value: parentbased_traceidratio
            - name: OTEL_TRACES_SAMPLER_ARG
              value: '0.1'
            - name: OTEL_PROPAGATORS
              value: 'tracecontext,baggage'
          resources: {}
          volumeMounts:
            - name: builder-podspec-patch-volume
              readOnly: true
              mountPath: /etc/fission/builder-podspec-patch.yaml
              subPath: builder-podspec-patch.yaml
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          imagePullPolicy: IfNotPresent
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      dnsPolicy: ClusterFirst
      serviceAccountName: fission-buildermgr
      serviceAccount: fission-buildermgr
      securityContext:
        runAsUser: 10001
        runAsGroup: 10001
        runAsNonRoot: true
        fsGroup: 10001
      schedulerName: default-scheduler
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 25%
      maxSurge: 25%
  revisionHistoryLimit: 10
  progressDeadlineSeconds: 600
@bigbird-0101 bigbird-0101 changed the title help,help,help v1.18.0 I get error buildermgt , envwatcher not get watcher to create env by controller help,help,help v1.18.0 I get error buildermgr , envwatcher not get watcher to create env by controller May 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area-environment help wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bigbird-0101 @soharab-ic