Hi Im trying to switch oathkeeper from `managedAccessRules` Ory Community #general

Hi, Im trying to switch oathkeeper from `managedAc...

white-cartoon-58880

03/31/2025, 5:48 PM

Hi, Im trying to switch oathkeeper from

managedAccessRules

maester.enabled = true

in k8s, but switching the helm values and updating the helm release, I end up with

MountVolume.SetUp failed for volume "oathkeeper-rules-volume" : configmap "oathkeeper-rules" not found

Im not sure why the

oathkeeper-rules

configmap is not being defined, trying to figure out by reading the helm charts, but a bit difficult

white-cartoon-58880

03/31/2025, 5:52 PM

the oathkeeper-maester pod fails with

Copy code

ERROR   Could not wait for Cache to sync        {"controller": "rule", "controllerGroup": "oathkeeper.ory.sh", "controllerKind": "Rule", "error": "failed to wait for rule caches to sync: timed out waiting for cache to be synced for Kind *v1alpha1.Rule"}
{"error": "failed to get API group resources: unable to retrieve the complete list of server APIs: oathkeeper.ory.sh/v1alpha1: the server could not find the requested resource"}

Which is weird, helm is supposed to apply the CRD's

white-cartoon-58880

03/31/2025, 5:52 PM

but I was thinking, maybe CRD's are not applied because oathkeeper fails to start, because the oathkeeper-rules configmap is not found

white-cartoon-58880

03/31/2025, 6:18 PM

If i manually apply

<https://raw.githubusercontent.com/ory/k8s/refs/heads/master/helm/charts/oathkeeper-maester/crds/crd-rules.yaml>

, I can stop the oathkeeper-maester errors. But I still got the missing

oathkeeper-rules

configmap, which stops

oathkeeper

from starting

white-cartoon-58880

03/31/2025, 6:41 PM

Ok, so oathkeeper-maester needs som created CRD rules before it creates

oathkeeper-rules

configmap.. and then oathkeeper also starts

white-cartoon-58880

03/31/2025, 6:41 PM

so the main stopper was that the CRD was not being installed for some reason

6 Views

Open in Slack

Previous Next