-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Keda installation in another namespace with helm chart version >2.12 gives an error #5943
Comments
Maybe the problem will be fixed if namespace name is not hardcoded and if you add: https://github.com/kedacore/charts/blob/v2.14.2/keda/templates/metrics-server/clusterrolebinding.yaml#L34 |
Same issue for us. We used a diferent namespace to kube-system. |
Same issue here. We used a different namespace, and this error was shown. |
For what it's worth, while we're having a separate problem, probably because we're using EKS 1.30, deploying chart version 2.14.2 in the |
Hi @tgmatt, thank you for your comment, did you use some special values for this? could you paste it? |
Of course, this is what we did:
The included values file just includes a definition for the ClusterTriggerAuthentication as it doesn't appear to get created automatically for some reason. I can share that if you want the keda operator to monitor queues instead of workload roles. |
In our case we don't need in AWS a role specific because don't need an authentication between namespaces, but it's curious that works in your case with terraform and a helm apply classic deployment in our case fail in version up from 2.12. Maybe terraform manage the values for the clusterrole installed by a different way, I don't know :( |
Report
We install the Keda helm chart in another namespace (called keda) and in the last versions of helm chart we receive this errors in the pod
keda-operator-metrics-apiserver
1 requestheader_controller.go:193] Unable to get configmap/extension-apiserver-authentication in kube-system. Usually fixed by 'kubectl create rolebinding -n kube-system ROLEBINDING_NAME --role=extension-apiserver-authentication-reader --serviceaccount=YOUR_NS:YOUR_SA'
1 main.go:254] "msg"="unable to run external metrics adapter" "error"="unable to load configmap based request-header-client-ca-file: configmaps \"extension-apiserver-authentication\" is forbidden: User \"system:serviceaccount:keda:keda-metrics-server\" cannot get resource \"configmaps\" in API group \"\" in the namespace \"kube-system\"" "logger"="keda_metrics_adapter"
Steps to Reproduce the Problem:
Use helm chart version of keda >2.12 in another namespace
KEDA Version
2.13.0 or 2.14.0
Kubernetes Version
1.30
Platform
Amazon Web Services
Expected Behavior
Pods up ;)
Actual Behavior
Pod
keda-operator-metrics-apiserver
enter in back-off and see these logs:1 requestheader_controller.go:193] Unable to get configmap/extension-apiserver-authentication in kube-system. Usually fixed by 'kubectl create rolebinding -n kube-system ROLEBINDING_NAME --role=extension-apiserver-authentication-reader --serviceaccount=YOUR_NS:YOUR_SA'
1 main.go:254] "msg"="unable to run external metrics adapter" "error"="unable to load configmap based request-header-client-ca-file: configmaps \"extension-apiserver-authentication\" is forbidden: User \"system:serviceaccount:keda:keda-metrics-server\" cannot get resource \"configmaps\" in API group \"\" in the namespace \"kube-system\"" "logger"="keda_metrics_adapter"
Steps to Reproduce the Problem
1.Use helm chart version of keda >2.12 in another namespace in a k8s cluster
Logs from KEDA operator
KEDA Version
2.13.0
Kubernetes Version
1.29
Platform
Amazon Web Services
Scaler Details
No response
Anything else?
No response
The text was updated successfully, but these errors were encountered: