Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-2330

events.events.k8s.io is forbidden: User "system:serviceaccount:openshift-kube-descheduler-operator:openshift-descheduler-operand" cannot create resource "events" in API group "events.k8s.io" in the namespace "e2e-test-default-b6y9atnu-jxz6p"

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Undefined Undefined
    • 4.12.0
    • 4.12
    • kube-scheduler
    • None
    • Important
    • Rejected
    • False
    • Hide

      None

      Show
      None
    • Hide
      For the {product-title} {product-version} release, the descheduler can now publish events to an API group, because the release adds additional role-based access controls (RBAC) rules to the descheduler's profile.

      (link:https://issues.redhat.com/browse/OCPBUGS-2330[*OCPBUGS-2330*]
      Show
      For the {product-title} {product-version} release, the descheduler can now publish events to an API group, because the release adds additional role-based access controls (RBAC) rules to the descheduler's profile. (link: https://issues.redhat.com/browse/OCPBUGS-2330 [* OCPBUGS-2330 *]
    • Bug Fix
    • Done

      Description of problem:

      Descheduler cluster log shows error "events.events.k8s.io is forbidden: User "system:serviceaccount:openshift-kube-descheduler-operator:openshift-descheduler-operand" cannot create resource "events" in API group "events.k8s.io" in the namespace "e2e-test-default-b6y9atnu-jxz6p""

      Version-Release number of selected component (if applicable):

      [knarra@knarra openshift-tests-private]$ oc get clusterversion
      NAME      VERSION                                    AVAILABLE   PROGRESSING   SINCE   STATUS
      version   4.12.0-0.nightly-arm64-2022-10-10-023446   True        False         12h     Error while reconciling 4.12.0-0.nightly-arm64-2022-10-10-023446: the cluster operator insights is not available
      

      How reproducible:

      Always

      Steps to Reproduce:

      1. Install latest descheduler operator on 4.12 cluster
      2. start to test any of the strategy
      3.
      

      Actual results:

      When looking into the descheduler cluster logs user can see error below
      E1013 17:16:34.993817       1 event_broadcaster.go:253] Server rejected event '&v1.Event{TypeMeta:v1.TypeMeta{Kind:"", APIVersion:""}, ObjectMeta:v1.ObjectMeta{Name:"d37463-7b84994c8b-l2vwk.171db06751872649", GenerateName:"", Namespace:"e2e-test-default-b6y9atnu-jxz6p", SelfLink:"", UID:"", ResourceVersion:"", Generation:0, CreationTimestamp:time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC), DeletionTimestamp:<nil>, DeletionGracePeriodSeconds:(*int64)(nil), Labels:map[string]string(nil), Annotations:map[string]string(nil), OwnerReferences:[]v1.OwnerReference(nil), Finalizers:[]string(nil), ManagedFields:[]v1.ManagedFieldsEntry(nil)}, EventTime:time.Date(2022, time.October, 13, 17, 16, 34, 992878153, time.Local), Series:(*v1.EventSeries)(nil), ReportingController:"sigs.k8s.io.descheduler", ReportingInstance:"sigs.k8s.io.descheduler-descheduler-7fffff9844-47t8j", Action:"Descheduled", Reason:"RemovePodsViolatingNodeAffinity", Regarding:v1.ObjectReference{Kind:"Pod", Namespace:"e2e-test-default-b6y9atnu-jxz6p", Name:"d37463-7b84994c8b-l2vwk", UID:"25cfd80f-421d-4fd3-97e4-e439b79bca4b", APIVersion:"v1", ResourceVersion:"292149", FieldPath:""}, Related:(*v1.ObjectReference)(nil), Note:"pod evicted by sigs.k8s.io/descheduler", Type:"Normal", DeprecatedSource:v1.EventSource{Component:"", Host:""}, DeprecatedFirstTimestamp:time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC), DeprecatedLastTimestamp:time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC), DeprecatedCount:0}': 'events.events.k8s.io is forbidden: User "system:serviceaccount:openshift-kube-descheduler-operator:openshift-descheduler-operand" cannot create resource "events" in API group "events.k8s.io" in the namespace "e2e-test-default-b6y9atnu-jxz6p"' (will not retry!)

      Expected results:

      Above error should not be seen

      Additional info:

      events.events.k8s.io is a new resource group which we do not have in the rbac rules yet. 

       

            rh-ee-lseveroa Lucas Severo Alves
            knarra@redhat.com Rama Kasturi Narra
            Rama Kasturi Narra Rama Kasturi Narra
            Darragh Fitzmaurice Darragh Fitzmaurice
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: