Error: rolebindings.rbac.authorization.k8s.io "..." already exited

While deploying the connect+operator to a EKS Kubernetes cluster, the deployment often failed with error:

Warning: Helm release "onepassword-connect" was created but has a failed status. Use the helm command to investigate the error, correct it, then run Terraform again.
....
Error: rolebindings.rbac.authorization.k8s.io "onepassword-connect-operator-kube-system" already exists.

I tried Helm chart version 1.2.0 and 1.3.0. The weird part is that it actually worked half the time, failed half the time. It only failed if I have operator enabled.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • After more digging. This seems to be pattern:
    If I have connect + k8s operator enabled during initial terraform apply, this error would show up:

    Warning: Helm release "onepassword-connect" was created but has a failed status. Use the helm command to investigate the error, correct it, then run Terraform again.
    Error: rolebindings.rbac.authorization.k8s.io "onepassword-connect-operator-kube-system" already exists.

    If I have connect up and running without operator, then enable operator and terraform apply, then this error would show up:

    module.k8s_cluster.helm_release.onepassword: Modifying... [id=onepassword-connect]
    Error: no RoleBinding with the name "onepassword-connect-operator-kube-system" found

  • Jillian_1PJillian_1P

    Team Member

    Hi there,

    Do you mind sharing what configurations you have set in terraform, (with any secret information redacted)?

  • edited July 1

    I used almost the default helm installation from the github site. It was working two weeks ago when I implemented it. Just start to fail last week.

    If I have both connector and operator enabled, I received this error when deploying terraform apply, it will fail with error:

    Error: rolebindings.rbac.authorization.k8s.io "onepassword-connect-operator-kube-system" already exists.

    I then had to change the value to deploy the connect without operator.

    operator:
    create: false
    autoRestart: true
    applicationName: onepassword-connect-operator
    imagePullPolicy: IfNotPresent

    Then, change the value to

    operator:
    create: true
    autoRestart: true
    applicationName: onepassword-connect-operator
    imagePullPolicy: IfNotPresent

    and run terraform apply one more time, to get this error

    Error: no ClusterRoleBinding with the name "onepassword-connect-operator-kube-system" found

  • Found out the reason, I have it configured to watch two namespaces. In this case, the "{{ .Release.Namespace }}" and ${watched_namespace} are exact the same value. Once I removed it, it worked.

      podLabels: {}
      watchNamespace:
        - "{{ .Release.Namespace }}"
        - ${watched_namespace}
      resources: {}
      token:
    
  • ag_anaag_ana

    Team Member

    Thank you for the update @parksidemx! :+1:

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file