Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-23083

Cluster Network Operator needs additional RBAC permission to deploy network-node-identity when Calico is the network type

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done-Errata
    • Critical
    • 4.15.0
    • 4.14
    • HyperShift
    • Important
    • No
    • False
    • Hide

      None

      Show
      None
    • Hide
      * Previously, when you set the `hostedcluster.spec.networking.networkType` field to `Calico` in a hosted cluster, the Cluster Network Operator did not have enough role-based access control (RBAC) permissions to deploy the `network-node-identity` resource. With this update, the `network-node-identity` resource is deployed successfully. (link:https://issues.redhat.com/browse/OCPBUGS-23083[*OCPBUGS-23083*])

      Show
      * Previously, when you set the `hostedcluster.spec.networking.networkType` field to `Calico` in a hosted cluster, the Cluster Network Operator did not have enough role-based access control (RBAC) permissions to deploy the `network-node-identity` resource. With this update, the `network-node-identity` resource is deployed successfully. (link: https://issues.redhat.com/browse/OCPBUGS-23083 [* OCPBUGS-23083 *])
    • Bug Fix
    • Done

    Description

      Description of problem:

      When the network type is Calico for a hosted cluster, the rbac policies that are laid down for CNO do not include permissions to deploy network-node-identity

      Version-Release number of selected component (if applicable):

       

      How reproducible: IBM Satellite environment

      Steps to Reproduce:

      1.
2.
3.

      Actual results:

       

      Expected results:

       

      Additional info:

       

      Attachments

        Issue Links

          blocks

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-23142 Cluster Network Operator needs additional RBAC permission to deploy network-node-identity when Calico is the network type

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed
          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-23142 Cluster Network Operator needs additional RBAC permission to deploy network-node-identity when Calico is the network type

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed
          links to

          GitHub openshift/hypershift#3172: OCPBUGS-23083: adding permission to CNO RBAC Calico path for network-node-identity deploy

          Web Link RHEA-2023:7198 rpm

          mentioned on

          GitLab Merge request - Bump IBM integration to our latest prod image.

          Activity

            People

              agarcial@redhat.com Alberto Garcia Lamela
              rodriguf Francisco Rodriguez
              He Liu He Liu
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: