We've deployed this operator into Openshift 3.11 which doesn't have Operator Lifecycle Manager (OLM) and using the instructions on this page (https://github.com/IBM/ibm-licensing-operator/blob/v1.7.0/docs/Content/Install_without_OLM.md) the operator pod fails to start with the following error:
E0825 03:18:28.082831 1 reflector.go:127] pkg/mod/k8s.io/client-go@v0.19.4/tools/cache/reflector.go:156: Failed to watch
*v1.Deployment: failed to list *v1.Deployment: deployments.apps is forbidden: User "system:serviceaccount:ibm-common-
services:ibm-licensing-operator" cannot list deployments.apps at the cluster scope: no RBAC policy matched
This is due to the operator deployment setting the WATCH_NAMESPACE environment variable to
metadata.annotations['olm.targetNamespaces']. This causes the operator pod to try to start watching all namespaces but doesn't have the required cluster roles. The work around for us is to set the WATCH_NAMESPACE env variable to metadata.namespace .
We've deployed this operator into Openshift 3.11 which doesn't have Operator Lifecycle Manager (OLM) and using the instructions on this page (https://github.com/IBM/ibm-licensing-operator/blob/v1.7.0/docs/Content/Install_without_OLM.md) the operator pod fails to start with the following error:
This is due to the operator deployment setting the WATCH_NAMESPACE environment variable to
metadata.annotations['olm.targetNamespaces']. This causes the operator pod to try to start watching all namespaces but doesn't have the required cluster roles. The work around for us is to set the WATCH_NAMESPACE env variable tometadata.namespace.