Canonical Juju

Model Operator In Juju using incorrect controller namespace

Bug #1919442 reported by Thomas Miller on 2021-03-17

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Canonical Juju	Fix Released	High	Thomas Miller	Canonical Juju 2.9-rc7

Bug Description

With Juju 2.8+ the model operator is no longer operating correctly on the controller model. Other models are not affected.

This is due to how the Kubernetes provider processes model names for the controller when working out which namespace to use.

ERROR github.com/juju/juju/worker/caasrbacmapper/mapper.go:79: Failed to watch *v1.ServiceAccount: failed to list *v1.ServiceAccount: serviceaccounts is forbidden: User "system:serviceaccount:controller-microk8s-localhost:modeloperator" cannot list resource "serviceaccounts" in API group "" in the namespace "controller"

Thomas Miller (tlmiller) on 2021-03-17

Changed in juju:
status:	New → In Progress
importance:	Undecided → High
assignee:	nobody → Thomas Miller (tlmiller)
milestone:	none → 2.8.10

Thomas Miller (tlmiller) on 2021-03-17

no longer affects:	juju/2.9
Changed in juju:
milestone:	2.8.10 → 2.9-rc7

Revision history for this message

Thomas Miller (tlmiller) wrote on 2021-03-17:

This bug turned out to be a permission issue with namespace list missing. The caas provider requires this to work.

PR: https://github.com/juju/juju/pull/12782

Thomas Miller (tlmiller) on 2021-03-18

Changed in juju:
status:	In Progress → Fix Committed

Joseph Phillips (manadart) on 2021-04-28

Changed in juju:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.