Cluster-api: clusterctl: filter out cert-manager-leaderelection ClusterRoleBinding

Created on 16 Apr 2020  路  5Comments  路  Source: kubernetes-sigs/cluster-api

What steps did you take and what happened:

  1. Create a management cluster with clusterctl
  2. Try to back it up using Velero
  3. Backup fails because it can't find cert-manager-leaderelection (Velero tries to back up all referenced roles)

What did you expect to happen:

  1. No failure

Anything else you would like to add:
https://github.com/jetstack/cert-manager/pull/2207 removed the cert-manager-leaderelection ClusterRoleBinding (there is another ClusterRoleBinding with a slightly different name that fulfills the same intent and actually works).

We should probably add code to the cert manager part of clusterctl that just filters out this ClusterRoleBinding by name when converting the bindata assets back to objects.

/kind bug
/help

help wanted kinbug lifecyclactive
Source
picture ncdc

Most helpful comment

What about having a local copy of the cert-manager manifest (instead of curl every time we build generate bin data)?

picture fabriziopandini on 17 Apr 2020
👍2

All 5 comments

@ncdc:
This request has been marked as needing help from a contributor.

Please ensure the request meets the requirements listed here.

If this request no longer meets these requirements, the label can be removed
by commenting with the /remove-help command.

In response to this:

What steps did you take and what happened:

  1. Create a management cluster with clusterctl
  2. Try to back it up using Velero
  3. Backup fails because it can't find cert-manager-leaderelection (Velero tries to back up all referenced roles)

What did you expect to happen:

  1. No failure

Anything else you would like to add:
https://github.com/jetstack/cert-manager/pull/2207 removed the cert-manager-leaderelection ClusterRoleBinding (there is another ClusterRoleBinding with a slightly different name that fulfills the same intent and actually works).

We should probably add code to the cert manager part of clusterctl that just filters out this ClusterRoleBinding by name when converting the bindata assets back to objects.

/kind bug
/help

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

k8s-ci-robot picture k8s-ci-robot on 16 Apr 2020

/assign
/lifecycle active

wfernandes picture wfernandes on 17 Apr 2020

/milestone v0.3.x

vincepri picture vincepri on 17 Apr 2020

Was able to repro this issue:
$ velero backup logs wff-test-velero-backup1 | grep -v level=info

time="2020-04-17T20:47:34Z" level=error msg="Error backing up item" backup=velero/wff-test-velero-backup1 error="clusterroles.rbac.authorization.k8s.io \"cert-manager-leaderelection\" not found" error.file="/go/src/github.com/vmware-tanzu/velero/pkg/backup/item_backupper.go:351" error.function="github.com/vmware-tanzu/velero/pkg/backup.(*defaultItemBackupper).executeActions" group=v1 logSource="pkg/backup/resource_backupper.go:287" name=cert-manager namespace= resource=serviceaccounts

wfernandes picture wfernandes on 17 Apr 2020

What about having a local copy of the cert-manager manifest (instead of curl every time we build generate bin data)?

fabriziopandini picture fabriziopandini on 17 Apr 2020
👍2
Was this page helpful?
0 / 5 - 0 ratings

Related issues

gyliu513 picture gyliu513  路  6Comments
jsturtevant picture jsturtevant  路  5Comments
wfernandes picture wfernandes  路  5Comments
fabriziopandini picture fabriziopandini  路  3Comments
chuckha picture chuckha  路  4Comments