Strimzi
-
|
Hi Team - But, I can't see the cluster is running and when checked the operator logs I see below: Caused by: io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: POST at: https://192.168.0.1:443/apis/policy/v1/namespaces/kafka/poddisruptionbudgets. Message: Forbidden!Configured service account doesn't have access. Service account may have been revoked. admission webhook "validation.gatekeeper.sh" denied the request: [pod-distruption-budget] All Pod Disruption Budgets must have an .spec.maxUnavailable configured. Could you please help. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 3 replies
-
|
This is a bit confusing without knowing what exact steps you did and seeing the full log. From the error, I guess you have 3rd party tools (Gatekeeper) which block some of the API calls So you will need to address that somehow. |
Beta Was this translation helpful? Give feedback.
-
|
strimzi-cluster-operator.log
|
Beta Was this translation helpful? Give feedback.
-
|
Yeah, from the log it looks like you have some tooling in your cluster which is blocking the operator from creating the PodDisruptionBudget. It complains that it needs to have |
Beta Was this translation helpful? Give feedback.
-
|
Thank you. I will check with our internal team if we can adjust the gatekeeper policy. Thanks again!!! |
Beta Was this translation helpful? Give feedback.
Yeah, from the log it looks like you have some tooling in your cluster which is blocking the operator from creating the PodDisruptionBudget. It complains that it needs to have
.spec.maxUnavailable. But Strimzi cannot usemaxUnavailablebecause of https://kubernetes.io/docs/tasks/run-application/configure-pdb/#arbitrary-controllers-and-selectors -> so we useminAvailable. So you will need to have this tooling adjusted to support it.