Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-33061

"verticalpodautoscalers.autoscaling.k8s.io" is forbidden: User "system:serviceaccount:openshift-monitoring:cluster-monitoring-operator" error log in cmo

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Normal Normal
    • None
    • 4.16
    • Monitoring
    • None
    • No
    • MON Sprint 252
    • 1
    • Rejected
    • False
    • Hide

      None

      Show
      None

      While I was testing metrics-server change upon checking cmo log I could see issue for vpa forbidden user in cmo logs

      Steps:
      1. Created a 4.16 cluster in cluster-bot and later converted to techpreview by applying

      apiVersion: config.openshift.io/v1
kind: FeatureGate
metadata:
  name: cluster
spec:
  featureSet: TechPreviewNoUpgrade

      2. Applied the changes in https://github.com/openshift/cluster-monitoring-operator/pull/2333/files by running `make run-local` seeing this in cmo logs after that.  The changes in PR doesn't change any other code base than metrics-server task hence didn't expect this error.

      Please review if this is an issue with latest change or problem in techpreview clusters only

      W0427 15:07:13.418243   12320 reflector.go:539] pkg/operator/operator.go:569: failed to list *v1.CustomResourceDefinition: customresourcedefinitions.apiextensions.k8s.io "verticalpodautoscalers.autoscaling.k8s.io" is forbidden: User "system:serviceaccount:openshift-monitoring:cluster-monitoring-operator" cannot list resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope
E0427 15:07:13.418266   12320 reflector.go:147] pkg/operator/operator.go:569: Failed to watch *v1.CustomResourceDefinition: failed to list *v1.CustomResourceDefinition: customresourcedefinitions.apiextensions.k8s.io "verticalpodautoscalers.autoscaling.k8s.io" is forbidden: User "system:serviceaccount:openshift-monitoring:cluster-monitoring-operator" cannot list resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope
I0427 15:07:17.523571   12320 operator.go:650] Triggering an update due to a change in *v1.ClusterVersion/version
I0427 15:07:49.654105   12320 reflector.go:325] Listing and watching *v1.CustomResourceDefinition from pkg/operator/operator.go:569
W0427 15:07:49.912409   12320 reflector.go:539] pkg/operator/operator.go:569: failed to list *v1.CustomResourceDefinition: customresourcedefinitions.apiextensions.k8s.io "verticalpodautoscalers.autoscaling.k8s.io" is forbidden: User "system:serviceaccount:openshift-monitoring:cluster-monitoring-operator" cannot list resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope
E0427 15:07:49.912429   12320 reflector.go:147] pkg/operator/operator.go:569: Failed to watch *v1.CustomResourceDefinition: failed to list *v1.CustomResourceDefinition: customresourcedefinitions.apiextensions.k8s.io "verticalpodautoscalers.autoscaling.k8s.io" is forbidden: User "system:serviceaccount:openshift-monitoring:cluster-monitoring-operator" cannot list resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope
I0427 15:08:34.370261   12320 reflector.go:325] Listing and watching *v1.CustomResourceDefinition from pkg/operator/operator.go:569
W0427 15:08:34.628379   12320 reflector.go:539] pkg/operator/operator.go:569: failed to list *v1.CustomResourceDefinition: customresourcedefinitions.apiextensions.k8s.io "verticalpodautoscalers.autoscaling.k8s.io" is forbidden: User "system:serviceaccount:openshift-monitoring:cluster-monitoring-operator" cannot list resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope
E0427 15:08:34.628403   12320 reflector.go:147] pkg/operator/operator.go:569: Failed to watch *v1.CustomResourceDefinition: failed to list *v1.CustomResourceDefinition: customresourcedefinitions.apiextensions.k8s.io "verticalpodautoscalers.autoscaling.k8s.io" is forbidden: User "system:serviceaccount:openshift-monitoring:cluster-monitoring-operator" cannot list resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope
I0427 15:09:02.284555   12320 operator.go:650] Triggering an update due to a change in *v1.ClusterVersion/version
I0427 15:09:11.899969   12320 reflector.go:325] Listing and watching *v1.CustomResourceDefinition from pkg/operator/operator.go:569
W0427 15:09:12.158785   12320 reflector.go:539] pkg/operator/operator.go:569: failed to list *v1.CustomResourceDefinition: customresourcedefinitions.apiextensions.k8s.io "verticalpodautoscalers.autoscaling.k8s.io" is forbidden: User "system:serviceaccount:openshift-monitoring:cluster-monitoring-operator" cannot list resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope
E0427 15:09:12.158811   12320 reflector.go:147] pkg/operator/operator.go:569: Failed to watch *v1.CustomResourceDefinition: failed to list *v1.CustomResourceDefinition: customresourcedefinitions.apiextensions.k8s.io "verticalpodautoscalers.autoscaling.k8s.io" is forbidden: User "system:serviceaccount:openshift-monitoring:cluster-monitoring-operator" cannot list resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope
I0427 15:09:17.283829   12320 operator.go:650] Triggering an update due to a change in *v1.ClusterVersion/version
I0427 15:09:32.266795   12320 operator.go:650] Triggering an update due to a change in *v1.ClusterVersion/version
I0427 15:09:45.655341   12320 operator.go:650] Triggering an update due to a change in *v1.ClusterVersion/version
I0427 15:09:52.455641   12320 reflector.go:325] Listing and watching *v1.CustomResourceDefinition from pkg/operator/operator.go:569
W0427 15:09:52.715542   12320 reflector.go:539] pkg/operator/operator.go:569: failed to list *v1.CustomResourceDefinition: customresourcedefinitions.apiextensions.k8s.io "verticalpodautoscalers.autoscaling.k8s.io" is forbidden: User "system:serviceaccount:openshift-monitoring:cluster-monitoring-operator" cannot list resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope
E0427 15:09:52.715588   12320 reflector.go:147] pkg/operator/operator.go:569: Failed to watch *v1.CustomResourceDefinition: failed to list *v1.CustomResourceDefinition: customresourcedefinitions.apiextensions.k8s.io "verticalpodautoscalers.autoscaling.k8s.io" is forbidden: User "system:serviceaccount:openshift-monitoring:cluster-monitoring-operator" cannot list resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope
I0427 15:09:56.427486   12320 operator.go:650] Triggering an update due to a change in *v1.ClusterVersion/version
I0427 15:10:31.485202   12320 reflector.go:325] Listing and watching *v1.CustomResourceDefinition from pkg/operator/operator.go:569
W0427 15:10:31.751418   12320 reflector.go:539] pkg/operator/operator.go:569: failed to list *v1.CustomResourceDefinition: customresourcedefinitions.apiextensions.k8s.io "verticalpodautoscalers.autoscaling.k8s.io" is forbidden: User "system:serviceaccount:openshift-monitoring:cluster-monitoring-operator" cannot list resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope
E0427 15:10:31.751481   12320 reflector.go:147] pkg/operator/operator.go:569: Failed to watch *v1.CustomResourceDefinition: failed to list *v1.CustomResourceDefinition: customresourcedefinitions.apiextensions.k8s.io "verticalpodautoscalers.autoscaling.k8s.io" is forbidden: User "system:serviceaccount:openshift-monitoring:cluster-monitoring-operator" cannot list resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope
I0427 15:10:56.443467   12320 operator.go:650] Triggering an update due to a change in *v1.ClusterVersion/version
I0427 15:11:16.253339   12320 reflector.go:800] k8s.io/client-go/informers/factory.go:159: Watch close - *v1.Secret total 6 items received
I0427 15:11:27.567858   12320 reflector.go:325] Listing and watching *v1.CustomResourceDefinition from pkg/operator/operator.go:569
W0427 15:11:27.825924   12320 reflector.go:539] pkg/operator/operator.go:569: failed to list *v1.CustomResourceDefinition: customresourcedefinitions.apiextensions.k8s.io "verticalpodautoscalers.autoscaling.k8s.io" is forbidden: User "system:serviceaccount:openshift-monitoring:cluster-monitoring-operator" cannot list resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope
E0427 15:11:27.825998   12320 reflector.go:147] pkg/operator/operator.go:569: Failed to watch *v1.CustomResourceDefinition: failed to list *v1.CustomResourceDefinition: customresourcedefinitions.apiextensions.k8s.io "verticalpodautoscalers.autoscaling.k8s.io" is forbidden: User "system:serviceaccount:openshift-monitoring:cluster-monitoring-operator" cannot list resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope

      cc: prasriva@redhat.com 

            prasriva@redhat.com Pranshu Srivastava
            janantha@redhat.com Jayapriya Pai
            Junqi Zhao Junqi Zhao
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated: