Skip to content

Fix failed to read configmap when deployed using helm chart #2845

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Fix failed to read configmap when deployed using helm chart #2845

wants to merge 1 commit into from
+8 −0

Conversation

@Rash419
Copy link

@Rash419 Rash419 commented May 11, 2025
edited
Loading 

E0511 13:04:55.948743       1 main.go:277] "running
security-profiles-operator" err="enable controllers: setup spod-config
controller: get tunables: could not determine selinuxd image: configmaps
\"security-profiles-operator-profile\" is forbidden: User
\"system:serviceaccount:security-profiles-operator:security-profiles-operator\"
cannot get resource \"configmaps\" in API group \"\" in the namespace
\"security-profiles-operator\"" logger="setup"

What type of PR is this?

/kind bug

What this PR does / why we need it:

It fixes bug in spo's helm chart when operator can't read configmaps because of lack of permission.

Which issue(s) this PR fixes:

None

Does this PR have test?

N/A

Does this PR introduce a user-facing change?

NONE

@Rash419
Fix failed to read configmap when deployed using helm chart
54fcc9b 
E0511 13:04:55.948743       1 main.go:277] "running
security-profiles-operator" err="enable controllers: setup spod-config
controller: get tunables: could not determine selinuxd image: configmaps
\"security-profiles-operator-profile\" is forbidden: User
\"system:serviceaccount:security-profiles-operator:security-profiles-operator\"
cannot get resource \"configmaps\" in API group \"\" in the namespace
\"security-profiles-operator\"" logger="setup"
@k8s-ci-robot k8s-ci-robot added the do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. label May 11, 2025
@linux-foundation-easycla
Copy link

linux-foundation-easycla bot commented May 11, 2025
edited
Loading

CLA Signed


The committers listed above are authorized under a signed CLA.

@k8s-ci-robot k8s-ci-robot added the cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. label May 11, 2025
@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented May 11, 2025

Welcome @Rash419!

It looks like this is your first PR to kubernetes-sigs/security-profiles-operator 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-sigs/security-profiles-operator has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

@k8s-ci-robot k8s-ci-robot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label May 11, 2025
@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented May 11, 2025

Hi @Rash419. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. release-note-none Denotes a PR that doesn't merit a release note. and removed cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. labels May 11, 2025
@saschagrunert
Copy link
Member

saschagrunert commented May 12, 2025

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels May 12, 2025
saschagrunert
saschagrunert approved these changes May 12, 2025
View reviewed changes
Copy link
Member

@saschagrunert saschagrunert left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label May 12, 2025
@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented May 12, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Rash419, saschagrunert

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 12, 2025
@codecov-commenter
Copy link

codecov-commenter commented May 12, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 23.33%. Comparing base (11d77f4) to head (54fcc9b).
Report is 837 commits behind head on main.

Additional details and impacted files 
@@             Coverage Diff             @@
##             main    #2845       +/-   ##
===========================================
- Coverage   45.50%   23.33%   -22.17%     
===========================================
  Files          79      117       +38     
  Lines        7782    19704    +11922     
===========================================
+ Hits         3541     4598     +1057     
- Misses       4099    14888    +10789     
- Partials      142      218       +76
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@saschagrunert
Copy link
Member

saschagrunert commented May 12, 2025

/lgtm cancel

May I ask you to fix the CI? https://prow.k8s.io/view/gs/kubernetes-ci-logs/pr-logs/pull/kubernetes-sigs_security-profiles-operator/2845/pull-security-profiles-operator-verify/1921814827282468864

@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label May 12, 2025
@Rash419
Copy link
Author

Rash419 commented May 12, 2025

/lgtm cancel

May I ask you to fix the CI? https://prow.k8s.io/view/gs/kubernetes-ci-logs/pr-logs/pull/kubernetes-sigs_security-profiles-operator/2845/pull-security-profiles-operator-verify/1921814827282468864

Sure. Let me check

@ccojocar
Copy link
Contributor

ccojocar commented Jun 4, 2025

/test all

@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Jun 4, 2025

@Rash419: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
pull-security-profiles-operator-verify 54fcc9b link true /test pull-security-profiles-operator-verify

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@ccojocar
Copy link
Contributor

ccojocar commented Jun 4, 2025

@Rash419 Please could you fix the build failure? Thanks

@Rash419
Copy link
Author

Rash419 commented Jun 19, 2025

@Rash419 Please could you fix the build failure? Thanks

I will check it, this weekend. sorry for the delay.

@k8s-triage-robot
Copy link

k8s-triage-robot commented Sep 17, 2025

The Kubernetes project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

  • Mark this PR as fresh with /remove-lifecycle stale
  • Close this PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Sep 17, 2025
@k8s-triage-robot
Copy link

k8s-triage-robot commented Oct 17, 2025

The Kubernetes project currently lacks enough active contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

  • Mark this PR as fresh with /remove-lifecycle rotten
  • Close this PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Oct 17, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@saschagrunert saschagrunert saschagrunert approved these changes

@jhrozek jhrozek Awaiting requested review from jhrozek

@Vincent056 Vincent056 Awaiting requested review from Vincent056

Assignees

@saschagrunert saschagrunert

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note-none Denotes a PR that doesn't merit a release note. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@Rash419 @k8s-ci-robot @saschagrunert @codecov-commenter @ccojocar @k8s-triage-robot