OCPBUGS-2330

events.events.k8s.io is forbidden: User "system:serviceaccount:openshift-kube-descheduler-operator:openshift-descheduler-operand" cannot create resource "events" in API group "events.k8s.io" in the namespace "e2e-test-default-b6y9atnu-jxz6p"


    • Bug
    • Resolution: Done
    • Undefined
    • 4.12.0
    • 4.12
    • kube-scheduler
    • None
    • Important
    • None
    • Rejected
    • False
      For the {product-title} {product-version} release, the descheduler can now publish events to an API group, because the release adds additional role-based access control (RBAC) rules to the descheduler's profile.

      (link:https://issues.redhat.com/browse/OCPBUGS-2330[*OCPBUGS-2330*])
    • Bug Fix
    • Done

      Description of problem:

      Descheduler cluster log shows error "events.events.k8s.io is forbidden: User "system:serviceaccount:openshift-kube-descheduler-operator:openshift-descheduler-operand" cannot create resource "events" in API group "events.k8s.io" in the namespace "e2e-test-default-b6y9atnu-jxz6p""

      Version-Release number of selected component (if applicable):

      [knarra@knarra openshift-tests-private]$ oc get clusterversion
      NAME      VERSION                                    AVAILABLE   PROGRESSING   SINCE   STATUS
      version   4.12.0-0.nightly-arm64-2022-10-10-023446   True        False         12h     Error while reconciling 4.12.0-0.nightly-arm64-2022-10-10-023446: the cluster operator insights is not available
      

      How reproducible:

      Always

      Steps to Reproduce:

      1. Install the latest descheduler operator on a 4.12 cluster
      2. Start to test any of the strategies
      3.
      

      Actual results:

      When looking into the descheduler cluster logs, the user can see the error below:
      E1013 17:16:34.993817       1 event_broadcaster.go:253] Server rejected event '&v1.Event{TypeMeta:v1.TypeMeta{Kind:"", APIVersion:""}, ObjectMeta:v1.ObjectMeta{Name:"d37463-7b84994c8b-l2vwk.171db06751872649", GenerateName:"", Namespace:"e2e-test-default-b6y9atnu-jxz6p", SelfLink:"", UID:"", ResourceVersion:"", Generation:0, CreationTimestamp:time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC), DeletionTimestamp:<nil>, DeletionGracePeriodSeconds:(*int64)(nil), Labels:map[string]string(nil), Annotations:map[string]string(nil), OwnerReferences:[]v1.OwnerReference(nil), Finalizers:[]string(nil), ManagedFields:[]v1.ManagedFieldsEntry(nil)}, EventTime:time.Date(2022, time.October, 13, 17, 16, 34, 992878153, time.Local), Series:(*v1.EventSeries)(nil), ReportingController:"sigs.k8s.io.descheduler", ReportingInstance:"sigs.k8s.io.descheduler-descheduler-7fffff9844-47t8j", Action:"Descheduled", Reason:"RemovePodsViolatingNodeAffinity", Regarding:v1.ObjectReference{Kind:"Pod", Namespace:"e2e-test-default-b6y9atnu-jxz6p", Name:"d37463-7b84994c8b-l2vwk", UID:"25cfd80f-421d-4fd3-97e4-e439b79bca4b", APIVersion:"v1", ResourceVersion:"292149", FieldPath:""}, Related:(*v1.ObjectReference)(nil), Note:"pod evicted by sigs.k8s.io/descheduler", Type:"Normal", DeprecatedSource:v1.EventSource{Component:"", Host:""}, DeprecatedFirstTimestamp:time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC), DeprecatedLastTimestamp:time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC), DeprecatedCount:0}': 'events.events.k8s.io is forbidden: User "system:serviceaccount:openshift-kube-descheduler-operator:openshift-descheduler-operand" cannot create resource "events" in API group "events.k8s.io" in the namespace "e2e-test-default-b6y9atnu-jxz6p"' (will not retry!)

      Expected results:

      The above error should not be seen.

      Additional info:

      events.events.k8s.io is a new resource group which we do not have in the RBAC rules yet.
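The gap described under "Additional info", as an added example that is not part of the original report or the operator's code: it parses the denial out of the log message and checks it against a rule set, returning the narrowest rule that would close the gap. The rule set is an assumed, hypothetical one (events granted only in the core API group); the operand's real ClusterRole is not shown on this page.

```python
import re

# Matches the API server's RBAC denial message as it appears in the log above.
FORBIDDEN_RE = re.compile(
    r'User "(?P<user>[^"]+)" cannot (?P<verb>\S+) resource "(?P<resource>[^"]+)" '
    r'in API group "(?P<group>[^"]*)"(?: in the namespace "(?P<namespace>[^"]+)")?'
)

def parse_denial(line):
    """Return the denied request attributes from a log line, or None if no match."""
    m = FORBIDDEN_RE.search(line)
    return m.groupdict() if m else None

def rule_allows(rule, group, resource, verb):
    """Simplified PolicyRule check: '*' is a wildcard, '' is the core API group.
    resourceNames and subresource wildcards are not modelled here."""
    def hit(values, wanted):
        return "*" in values or wanted in values
    return (hit(rule.get("apiGroups", []), group)
            and hit(rule.get("resources", []), resource)
            and hit(rule.get("verbs", []), verb))

def missing_rule(rules, denial):
    """Return the narrowest rule permitting the denied request, or None if allowed."""
    g, r, v = denial["group"], denial["resource"], denial["verb"]
    if any(rule_allows(rule, g, r, v) for rule in rules):
        return None
    return {"apiGroups": [g], "resources": [r], "verbs": [v]}

# Constructed sample: the message text is taken from the log line in this report.
SAMPLE_LINE = (
    '\'events.events.k8s.io is forbidden: User '
    '"system:serviceaccount:openshift-kube-descheduler-operator:openshift-descheduler-operand" '
    'cannot create resource "events" in API group "events.k8s.io" '
    'in the namespace "e2e-test-default-b6y9atnu-jxz6p"\' (will not retry!)'
)

# Assumed (hypothetical) role: events are granted only in the core group "".
ASSUMED_RULES = [
    {"apiGroups": [""], "resources": ["events"], "verbs": ["create", "update"]},
    {"apiGroups": [""], "resources": ["pods/eviction"], "verbs": ["create"]},
]

if __name__ == "__main__":
    denial = parse_denial(SAMPLE_LINE)
    print(denial)
    print(missing_rule(ASSUMED_RULES, denial))
```

A rule on `events` in the core group `""` does not match a request for `events` in `events.k8s.io`, which is why the role needs the group named explicitly rather than a broader wildcard.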

       

              rh-ee-lseveroa Lucas Severo Alves (Inactive)
              knarra@redhat.com Rama Kasturi Narra
              Rama Kasturi Narra
              Darragh Fitzmaurice