-
Notifications
You must be signed in to change notification settings - Fork 3.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Controller ClusterRole missing permissions #13341
Comments
I think you meant this file? The Controller ClusterRole? argo-workflows/manifests/namespace-install/workflow-controller-rbac/workflow-controller-role.yaml Line 47 in 5aac5a8
It looks like Tim responded in your PR rather: argoproj/argo-helm#2825 (comment)
Are you sure that was in your Controller, and not in the workflow's own Pod? In your Helm issue, you pointed to the workflow role; that is the SA attached to Pods started by a workflow.
And indeed the agent communicates its status to the Controller that way. I don't believe the Controller otherwise needs that permission.
|
Pre-requisites
:latest
image tag (i.e.quay.io/argoproj/workflow-controller:latest
) and can confirm the issue still exists on:latest
. If not, I have explained why, in detail, in my description below.What happened? What did you expect to happen?
Describe the bug
Hi,
I have a problem with Argo workflows HTTP Template. When I run a workflow with using this template, the workflow lasts for 30 seconds or many minutes until it is finished. I researched the behavior and found an error message in the workflow-controller pod:
I've installed Argo workflows using the latest Helm-Chart. After I investigated the issue, i found missing permission in the ClusterRole for the workflow-controller.
After adding this rule to the ClusterRole on my cluster, all HTTP Template jobs are running perfectly fine. I've opened an issue at the Helm-Chart repo (argoproj/argo-helm#2824) and they pointed out to me that the permission is missed in the "manifests/cluster-install/argo-server-rbac/argo-server-clusterole.yaml" file, too. Is it possible that these permissions are missing? Or did I some misconfiguration in my cluster? I'm a little confused that this issue should only happen on my site.
Thank you so much for helping.
Version(s)
v3.5.8
Paste a minimal workflow that reproduces the issue. We must be able to run the workflow; don't enter a workflows that uses private images.
Logs from the workflow controller
Logs from in your workflow's wait container
The text was updated successfully, but these errors were encountered: