Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ClustercloudEventSources cannot be listed when using watchNamespace keda 2.16.1 #6493

Closed
aurelgcmoi opened this issue Jan 22, 2025 · 2 comments
Closed

ClustercloudEventSources cannot be listed when using watchNamespace keda 2.16.1 #6493

aurelgcmoi opened this issue Jan 22, 2025 · 2 comments
Labels
bug Something isn't working

Comments

@aurelgcmoi
Copy link

aurelgcmoi commented Jan 22, 2025
edited
Loading

Report

When using the watchNamespace feature with keda 2.16.1, the operator pod gives an error:

User "system:serviceaccount:keda:keda-operator" cannot list resource "clustercloudeventsources" cluster wide

Expected Behavior

User "system:serviceaccount:keda:keda-operator" should be able to list resource "clustercloudeventsources" cluster wide

Actual Behavior

User "system:serviceaccount:keda:keda-operator" cannot list resource "clustercloudeventsources" cluster wide

Steps to Reproduce the Problem

  1. Deploy keda helm with watchNamespace feature listing some namespaces

Logs from KEDA operator

W0122 07:17:43.186273 1 reflector.go:561] sigs.k8s.io/controller-runtime/pkg/cache/internal/informers.go:106: failed to list *v1alpha1.ClusterCloudEventSource: clustercloudeventsources.eventing.keda.sh is forbidden: User "system:serviceaccount:keda:keda-operator" cannot list resource "clustercloudeventsources" in API group "eventing.keda.sh" at the cluster scope

E0122 07:17:43.186320 1 reflector.go:158] "Unhandled Error" err="sigs.k8s.io/controller-runtime/pkg/cache/internal/informers.go:106: Failed to watch *v1alpha1.ClusterCloudEventSource: failed to list *v1alpha1.ClusterCloudEventSource: clustercloudeventsources.eventing.keda.sh is forbidden: User \"system:serviceaccount:keda:keda-operator\" cannot list resource \"clustercloudeventsources\" in API group \"eventing.keda.sh\" at the cluster scope" logger="UnhandledError"

The cluster role keda-operator looks alright and do list this

  - eventing.keda.sh
  resources:
  - cloudeventsources
  - cloudeventsources/status
  - clustercloudeventsources
  - clustercloudeventsources/status
  verbs:
  - get
  - list
  - patch
  - update
  - watch

and the rolebindings look good too

# k get rolebindings.rbac.authorization.k8s.io -A | grep keda-operator
demat-demo-a           keda-operator                                                  ClusterRole/keda-operator
identity-demo-a        keda-operator                                                  ClusterRole/keda-operator
keda                   keda-operator                                                  ClusterRole/keda-operator

KEDA Version

2.16.1

Kubernetes Version

1.29

Platform

None

Scaler Details

No response

Anything else?

No response
@aurelgcmoi aurelgcmoi added the bug Something isn't working label Jan 22, 2025
@SpiritZhou SpiritZhou mentioned this issue Jan 23, 2025
Closed
4 tasks
@SpiritZhou
Copy link
Contributor

Thx for your report. there is a missing ClusterCloudEventSource in the ClusterRole of the chart, and we'll fix it.

@JorTurFer
Copy link
Member

This was fixed by kedacore/charts#714

@github-project-automation github-project-automation bot moved this from To Triage to Ready To Ship in Roadmap - KEDA Core Jan 24, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
Roadmap - KEDA Core
Status: Ready To Ship
Milestone
No milestone
Development

No branches or pull requests
3 participants
@SpiritZhou @JorTurFer @aurelgcmoi