ServiceBinding not functioning

[dascog]

ServiceBinding exercise not functioning

This is from Chapter 7 in the book, working through the ServiceBinding exercise starting on page 80. I am attempting to deploy this on an OpenShift 4.10 cluster (not on CRC).

Step 1

• Add the following YAML to the Project (mine is called admin-noted)

apiVersion: binding.operators.coreos.com/v1alpha1
kind: ServiceBinding
metadata:
  name: svc-bind-quarkus-database
  namespace: admin-noted
spec:
  application:
    group: apps
    name: quarkus-backend
    resource: deployments
    version: v1
  bindAsFiles: false
  mappings:
  - name: DATABASE_JDBC_URL
    value: 'jdbc:postgresql://{{ .postgresDB.status.dbConnectionIP }}:{{ .postgresDB.status.dbConnectionPort }}/{{ .postgresDB.status.dbName }}'
  services:
  - group: postgresql.baiju.dev
    id: postgresDB
    kind: Database
    name: demo-database
    version: v1alpha1

Step 2: Check the deployment

• The frontend route runs fine, but functions exactly as with no database (i.e. delete doesn't work etc).
• When I describe the service binding I get the following:

$ oc describe servicebinding svc-bind-quarkus-database
Name:         svc-bind-quarkus-database
Namespace:    admin-noted
Labels:       <none>
Annotations:  servicebinding.io/requester:
                {"username":"kube:admin","groups":["system:cluster-admins","system:authenticated"],"extra":{"scopes.authorization.openshift.io":["user:ful...
API Version:  binding.operators.coreos.com/v1alpha1
Kind:         ServiceBinding
Metadata:
  Creation Timestamp:  2022-04-27T15:44:57Z
  Finalizers:
    finalizer.servicebinding.openshift.io
  Generation:  1
  Managed Fields:
    API Version:  binding.operators.coreos.com/v1alpha1
    Fields Type:  FieldsV1
    fieldsV1:
      f:spec:
        .:
        f:application:
          .:
          f:group:
          f:name:
          f:resource:
          f:version:
        f:bindAsFiles:
        f:mappings:
        f:services:
    Manager:      Mozilla
    Operation:    Update
    Time:         2022-04-27T15:44:57Z
    API Version:  binding.operators.coreos.com/v1alpha1
    Fields Type:  FieldsV1
    fieldsV1:
      f:metadata:
        f:finalizers:
          .:
          v:"finalizer.servicebinding.openshift.io":
    Manager:      manager
    Operation:    Update
    Time:         2022-04-27T15:44:57Z
    API Version:  binding.operators.coreos.com/v1alpha1
    Fields Type:  FieldsV1
    fieldsV1:
      f:status:
        .:
        f:conditions:
          .:
          k:{"type":"CollectionReady"}:
            .:
            f:lastTransitionTime:
            f:message:
            f:reason:
            f:status:
            f:type:
          k:{"type":"Ready"}:
            .:
            f:lastTransitionTime:
            f:message:
            f:reason:
            f:status:
            f:type:
        f:secret:
    Manager:         manager
    Operation:       Update
    Subresource:     status
    Time:            2022-04-27T15:44:57Z
  Resource Version:  788136
  UID:               9e0ff2b0-75bf-4276-be32-aa8328c7bf28
Spec:
  Application:
    Group:        apps
    Name:         quarkus-backend
    Resource:     deployments
    Version:      v1
  Bind As Files:  false
  Mappings:
    Name:   DATABASE_JDBC_URL
    Value:  jdbc:postgresql://{{ .postgresDB.status.dbConnectionIP }}:{{ .postgresDB.status.dbConnectionPort }}/{{ .postgresDB.status.dbName }}
  Services:
    Group:    postgresql.baiju.dev
    Id:       postgresDB
    Kind:     Database
    Name:     demo-database
    Version:  v1alpha1
Status:
  Conditions:
    Last Transition Time:  2022-04-27T15:44:57Z
    Message:               databases.postgresql.baiju.dev "demo-database" is forbidden: User "system:serviceaccount:openshift-operators:service-binding-operator" cannot get resource "databases" in API group "postgresql.baiju.dev" in the namespace "admin-noted"
    Reason:                ErrorReadingServices
    Status:                False
    Type:                  CollectionReady
    Last Transition Time:  2022-04-27T15:44:57Z
    Message:               databases.postgresql.baiju.dev "demo-database" is forbidden: User "system:serviceaccount:openshift-operators:service-binding-operator" cannot get resource "databases" in API group "postgresql.baiju.dev" in the namespace "admin-noted"
    Reason:                ProcessingError
    Status:                False
    Type:                  Ready
  Secret:
Events:                    <none>

• I am guessing the lack of access to databases in postgresql.baiju.dev is the problem?

[mauricekoster]

I've got the same issue. The error message on the ServiceBinding:
databases.postgresql.baiju.dev "demo-database" is forbidden: User "system:serviceaccount:openshift-operators:service-binding-operator" cannot get resource "databases" in API group "postgresql.baiju.dev" in the namespace "noted"

Missing a step to add some RBAC stuf?

CRC version: 2.10.2+1bc2e5a
OpenShift version: 4.11.7

[romgal]

Created RoleBinding (obviously namespace may vary)

kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: service-binding-operator databases admin
  namespace: o4d-noted
subjects:
  - kind: ServiceAccount
    name: service-binding-operator
    namespace: openshift-operators
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: databases.postgresql.baiju.dev-v1alpha1-admin

connected afterwards, probably totally wrong and/or too much (admin) but at least it works. Still learning :)