skupper
skupper copied to clipboard
skupperproject
[v2] handling non existent service account
Describe the bug If a site is created with a service account that does not exist, the replicaset fails to create a skupper-router pod, the site is showing active status.
How To Reproduce Steps to reproduce the behavior:
- create namespaces:
skupperandnorth - apply CRDs and deploy skupper cluster-scoped controller in the
skuppernamespace. - create a site in the
northnamespace using the CLI - check that there are no router pods in the
northnamespace
Expected behavior
- this error is reported in the site status
Additional context
kubectl describe replicaset skupper-router-7dc8c5fbf9 -n north
Name: skupper-router-7dc8c5fbf9
Namespace: north
Selector: pod-template-hash=7dc8c5fbf9,skupper.io/component=router
Labels: app.kubernetes.io/name=skupper-router
app.kubernetes.io/part-of=skupper
application=skupper-router
pod-template-hash=7dc8c5fbf9
skupper.io/component=router
skupper.io/group=skupper-router
skupper.io/type=site
Annotations: deployment.kubernetes.io/desired-replicas: 1
deployment.kubernetes.io/max-replicas: 2
deployment.kubernetes.io/revision: 1
Controlled By: Deployment/skupper-router
Replicas: 0 current / 1 desired
Pods Status: 0 Running / 0 Waiting / 0 Succeeded / 0 Failed
Pod Template:
Labels: app.kubernetes.io/name=skupper-router
app.kubernetes.io/part-of=skupper
application=skupper-router
pod-template-hash=7dc8c5fbf9
skupper.io/component=router
skupper.io/group=skupper-router
skupper.io/type=site
Annotations: prometheus.io/port: 9090
prometheus.io/scrape: true
skupper.io/config-digest: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Service Account: skupper-controller
Containers:
router:
Image: quay.io/skupper/skupper-router:main
Ports: 5671/TCP, 9090/TCP, 55671/TCP, 45671/TCP
Host Ports: 0/TCP, 0/TCP, 0/TCP, 0/TCP
Liveness: http-get http://:9090/healthz delay=60s timeout=1s period=10s #success=1 #failure=3
Readiness: http-get http://:9090/healthz delay=1s timeout=1s period=10s #success=1 #failure=3
Environment:
APPLICATION_NAME: skupper-router
POD_NAMESPACE: (v1:metadata.namespace)
POD_IP: (v1:status.podIP)
QDROUTERD_AUTO_MESH_DISCOVERY: QUERY
QDROUTERD_CONF: /etc/skupper-router/config/skrouterd.json
QDROUTERD_CONF_TYPE: json
SKUPPER_SITE_ID: 30e38069-2a00-4c1c-abde-4237a118018e
Mounts:
/etc/skupper-router-certs from skupper-router-certs (rw)
/etc/skupper-router-certs/skupper-amqps/ from skupper-local-server (rw)
/etc/skupper-router/config/ from router-config (rw)
config-sync:
Image: quay.io/gordons/config-sync:v2-milestone1
Port: <none>
Host Port: <none>
Readiness: http-get http://:9191/healthz delay=1s timeout=1s period=10s #success=1 #failure=3
Environment:
SKUPPER_NAMESPACE: (v1:metadata.namespace)
SKUPPER_SITE_ID: 30e38069-2a00-4c1c-abde-4237a118018e
SKUPPER_SITE_NAME: north
SKUPPER_CONFIG: skupper-router
SKUPPER_ROUTER_DEPLOYMENT: skupper-router
Mounts:
/etc/skupper-router-certs from skupper-router-certs (rw)
Volumes:
skupper-local-server:
Type: Secret (a volume populated by a Secret)
SecretName: skupper-local-server
Optional: false
router-config:
Type: ConfigMap (a volume populated by a ConfigMap)
Name: skupper-router
Optional: false
skupper-router-certs:
Type: EmptyDir (a temporary directory that shares a pod's lifetime)
Medium:
SizeLimit: <unset>
Conditions:
Type Status Reason
---- ------ ------
ReplicaFailure True FailedCreate
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning FailedCreate 4m35s (x17 over 10m) replicaset-controller Error creating: pods "skupper-router-7dc8c5fbf9-" is forbidden: error looking up service account north/skupper-controller: serviceaccount "skupper-controller" not found
