You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi,
After installing OLM (either with operator-sdk or install.sh), packageserver returns connect: connection refused while connecting to operatorhubio-catalog while I don't see any issue using a grpc_cli debugging container.
This is a very simple singlenode install of kubernetes with all pods patched on a same bridge.
$ kubectl version
Client Version: v1.29.0
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.29.0
The clusterserviceversions stays in Installing phase.
$ kubectl get csv packageserver -n olm
NAME DISPLAY VERSION REPLACES PHASE
packageserver Package Server 0.26.0 Installing
$ k get apiservices v1.packages.operators.coreos.com -o yaml
[...]
conditions:
- lastTransitionTime: "2023-12-19T22:40:59Z"
message: 'failing or missing response from https://10.32.0.29:5443/apis/packages.operators.coreos.com/v1:
bad status from https://10.32.0.29:5443/apis/packages.operators.coreos.com/v1:
403'
reason: FailedDiscoveryCheck
status: "False"
type: Available
From a grpci_cli debuging container I can reach and list services of the operatorhubio-catalog.olm.svc endpoint.
update:
The connection refused logs from the packageserver pod are only happening during the instantiation of opm and package-server can connect correctly using grpc afterward.
Actual issue appears to concern the packageserver endpoint authentication as healthzlivez and readyz endpoints all returns 200 ok but the apis/packages.operators.coreos.com/v1 endpoint returns 403 Forbidden.
message: 'failing or missing response from https://10.32.0.210:5443/apis/packages.operators.coreos.com/v1:
bad status from https://10.32.0.210:5443/apis/packages.operators.coreos.com/v1:
403'
If I run another package-server with --authorization-always-allow-paths /apis/packages.operators.coreos.com/v1 the endpoint is returning the expect result.
What component/configuration may I be missing in my kubernetes deployment ?
epheo
changed the title
packageserver can't connect to operatorhubio-catalog while grpc_cli can
packages.operators apiregistration fails to authenticate to packageserver endpoint.
Dec 21, 2023
Hi,
After installing OLM (either with operator-sdk or install.sh), packageserver returns
connect: connection refused
while connecting to operatorhubio-catalog while I don't see any issue using a grpc_cli debugging container.This is a very simple singlenode install of kubernetes with all pods patched on a same bridge.
The clusterserviceversions stays in
Installing
phase.From a grpci_cli debuging container I can reach and list services of the operatorhubio-catalog.olm.svc endpoint.
Within the operatorhubio-catalog pod the served configs seems ok.
All containers appears as running and livenessprobes seems to have been satisfied.
But a log from a packageserver pod returns:
I included what felt relevant from the olm-operator operatorhubio-catalog and packageserver logs.
catalog-operator.log
operatorhubio-catalog.log
packageserver.log
olm-operator.log
The text was updated successfully, but these errors were encountered: