question

kurt.gesslbauer_188474 avatar image
kurt.gesslbauer_188474 asked Erick Ramirez commented

Can I use the cass-operator on an OpenShift cluster?

I tried to deploy the cass-operator on my openshift cluster in AWS but it failed with the following error:

{"level":"info","ts":1588752585.0189726,"logger":"cmd","msg":"TLS secret for webhook updated"}
{"level":"error","ts":1588752585.019057,"logger":"cmd","msg":"Failed to update certificates","error":"open /tmp/k8s-webhook-server/tls.crt: permission denied","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\t/go/pkg/mod/github.com/go-logr/zapr@v0.1.1/zapr.go:128\nmain.updateSecretAndWebhook\n\t/cass-operator/operator/cmd/manager/main.go:287\nmain.ensureWebhookCertificate\n\t/cass-operator/operator/cmd/manager/main.go:256\nmain.main\n\t/cass-operator/operator/cmd/manager/main.go:139\nruntime.main\n\t/usr/local/go/src/runtime/proc.go:203"}
{"level":"error","ts":1588752585.0191653,"logger":"cmd","msg":"Failed to ensure webhook CA configuration","error":"open /tmp/k8s-webhook-server/tls.crt: permission denied","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\t/go/pkg/mod/github.com/go-logr/zapr@v0.1.1/zapr.go:128\nmain.main\n\t/cass-operator/operator/cmd/manager/main.go:140\nruntime.main\n\t/usr/local/go/src/runtime/proc.go:203"}

Can you give any hint how to solve such a problem?

kubernetesopenshift
10 |1000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

2 Answers

Erick Ramirez avatar image
Erick Ramirez answered

@kurt.gesslbauer_188474 The operator is not certified with OpenShift and we are still working through the process with RedHat. I don't have any rough timelines since we are still scoping the requirements from RedHat.

I will update my answer when I know more. In the meantime, I'll see if our Kubernetes engineers can provide some workaround to the errors you've posted. Cheers!

Share
10 |1000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

eldon.stegall_131123 avatar image
eldon.stegall_131123 answered Erick Ramirez commented

@kurt.gesslbauer_188474 It looks like there is an issue with the webhook certificate files, but we've been unable to reproduce so far. We'd greatly appreciate it if you could provide some additional information, such as the version of openshift in which this occurred, and the strategy you used to deploy it. Is this a result of following the quickstart directions here: https://github.com/datastax/cass-operator#getting-started ? Thanks!

2 comments Share
10 |1000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

kurt.gesslbauer_188474 avatar image kurt.gesslbauer_188474 commented ·

Thx for trying to help. We run openshift 4.4.3, installation is done via openshift-install downloaded from https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/ . Configuration is based on the following yaml: 

apiVersion: v1
baseDomain: spectrum-power.de
compute:
- hyperthreading: Enabled
  name: worker
  platform: {}
  replicas: 3
controlPlane:
  hyperthreading: Enabled
  name: master
  platform: {}
  replicas: 3
metadata:
  creationTimestamp: null
  name: ops
networking:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  machineNetwork:
  - cidr: 10.0.0.0/16
  networkType: OpenShiftSDN
  serviceNetwork:
  - 172.30.0.0/16
platform:
  aws:
    region: eu-central-1
publish: External
pullSecret: ''

The configuration gets adapted for the metadata:name and for the pullSecret before used.

0 Likes 0 ·
Erick Ramirez avatar image Erick Ramirez ♦♦ kurt.gesslbauer_188474 commented ·

@kurt.gesslbauer_188474 A friendly note to let you know that I converted your post to a comment since it's not an "answer". Cheers!

0 Likes 0 ·