orpiske opened a new issue #1302: User cannot create resource in API group URL: https://github.com/apache/camel-k/issues/1302 When running an integration on our OpenShift 4.2.9 I got an error stating that the user cannot create resource "servicemonitors" in the the API group "monitoring.coreos.com". The message is: ```{"level":"error","ts":1582651063.927428,"logger":"controller-runtime.controller","msg":"Reconciler error","controller":"integration-controller","request":"camel-k-event-streaming-dev/open-aq-consumer","error":"error executing post actions: error during replace resource: could not create or replace resource open-aq-consumer: servicemonitors.monitoring.coreos.com is forbidden: User \"system:serviceaccount:camel-k-event-streaming-dev:camel-k-operator\" cannot create resource \"servicemonitors\" in API group \"monitoring.coreos.com\" in the namespace \"camel-k-event-streaming-dev\"","errorVerbose":"servicemonitors.monitoring.coreos.com is forbidden: User \"system:serviceaccount:camel-k-event-streaming-dev:camel-k-operator\" cannot create resource \"servicemonitors\" in API group \"monitoring.coreos.com\" in the namespace \"camel-k-event-streaming-dev\"\ncould not create or replace resource open-aq-consumer``` The full message is available [here](http://www.angusyoung.org/arquivos/issues/camel-k/001/user-forbidden.log). Despite the message, it integration eventually runs ... after a long time stuck in the Deployment part. I have tried working around this issue by increasing the permissions for the operator user with: `oc policy add-role-to-user edit system:serviceaccount:camel-k-event-streaming-dev:camel-k-operator` However that did not help either (and, in fact, made it worse) because the integration now gets completely stuck and the operator seems to enter a loop with the error below: ```E0226 09:43:17.083486 1 reflector.go:123] k8s.io/client-go@v12.0.0+incompatible/tools/cache/reflector.go:96: Failed to list *v1.ServiceMonitor: servicemonitors.monitoring.coreos.com is forbidden: User "system:serviceaccount:camel-k-event-streaming-dev:camel-k-operator" cannot list resource "servicemonitors" in API group "monitoring.coreos.com" in the namespace "camel-k-event-streaming-dev": RBAC: clusterrole.rbac.authorization.k8s.io "list" not found ``` The output of my `oc get integrationplatform -o yaml` is available [here](www.angusyoung.org/arquivos/issues/camel-k/001/integrationplatform.yaml).
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
