Lab 1 on OCP 4.4 userX cannot create address space

[evanshortiss]

Running on OCP 4.4 the user cannot complete "7. Create your AMQ Online Topic" since they cannot view the catalog. They need "cluserservices" permissions.

[evanshortiss]

Navigating to https://$CLUSTER_HOST/catalog/ns/user1 results in an error or blank page. Web inspector reveals 403 HTTP response from https://$CLUSTER_HOST/api/kubernetes/apis/config.openshift.io/v1/clusterversions/version and 404 from https://$CLUSTER_HOST/api/kubernetes/api/v1/namespaces/openshift-logging/configmaps/sharing-config`

[evanshortiss]

• /api/kubernetes/apis/ocs.openshift.io/v1/namespaces/openshift-storage/storageclusters/ocs-independent-storagecluster - 403
• /api/kubernetes/apis/operators.coreos.com/v1alpha1/namespaces/openshift-storage/subscriptions/ocs-subscription - 404
• api/kubernetes/apis/config.openshift.io/v1/infrastructures/cluster - 403
• /api/kubernetes/apis/apiregistration.k8s.io/v1/apiservices? - 403

[evanshortiss]

Even after adding full cluster-admin rights (oc adm policy add-cluster-role-to-user cluster-admin user1) the user cannot view the catalog. Might be an issue with this cluster?

[sigreen]

I had the same issue with two separate workshops today on RHPDS @evanshortiss . Work around is to naviagate to the Administrator Console, select the Operator and create the Address Space that way. Unfortunately this didn't work for Postgres lab as there is no operator available.

[dgutride]

I also had this issue - it's a missing a displayName in the Infinispan Operator for the Cache - once that was added in the yaml for the operator, the Catalog page was visible. This is because the tileName is undefined.

on this page: /k8s/ns/user2/operators.coreos.comv1alpha1ClusterServiceVersion/infinispan-operator.v2.0.2/yaml (I added displayName)

spec:
customresourcedefinitions:
owned:
- description: Cache is the Schema for the caches API
displayName: Infinispan Cache
kind: Cache
name: caches.infinispan.org
version: v2alpha1

[evanshortiss]

Nice find @dgutride! So do we know if this is isolated to OCP 4.4 or is it an issue with the pre-created Infinispan operator that can be addressed in the installer, or perhaps caused by a mixture of hte the two?

[dgutride]

@evanshortiss - the code is the same between minor versions of OpenShift - I upgraded to try to fix this in the process. I'm not quite sure why they aren't validating the displayName on the operator yaml unless the install process here is doing something unusual.

I think the issue is with infinispan - looks like this commit broke things a few weeks ago: infinispan/infinispan-operator@20e7885#diff-350feddf31ee00a2f0bcf71b204a30c1.

Created this PR: infinispan/infinispan-operator#485 to see if they'll take it in for the issue.

[evanshortiss]

@sigreen looks like that'll do the trick 👍

@dgutride I just checked and the displayName is there on my cluster. So maybe there's another issue at play here?

[dgutride]

@evanshortiss - you need another displayName entry for the cache (line 60 or so)

[sigreen]

Thanks @dgutride and @evanshortiss . I can confirm that Dana's fix has resolve my issue. I updated the Infinispan operator YAML in userX project at line 55 to the following:

spec:
  customresourcedefinitions:
    owned:
      - description: Cache is the Schema for the caches API
        displayName: Infinispan Cache
        kind: Cache
        name: caches.infinispan.org
        version: v2alpha1
      - description: An Infinispan cluster instance.
        displayName: Infinispan Cluster
        kind: Infinispan
        name: infinispans.infinispan.org

After saving that change, I was able to login to my user project and view the catalog!

[evanshortiss]

Thanks @dgutride, and @sigreen

[hguerrero]

This should have been fixed by the change to Data Grid instead.