-
Bug
-
Resolution: Unresolved
-
Minor
-
None
-
4.17
-
Low
-
False
-
Description of problem:
When we enable techpreview we see ValidatingAdmissionPolicy errors in the MCDs 0607 12:11:34.471802 2511 upgrade_monitor.go:265] Error applying MCN status: machineconfignodes.machineconfiguration.openshift.io "ip-10-0-54-123" is forbidden: ValidatingAdmissionPolicy 'mcn-guards' with binding 'mcn-guards-binding' denied request: this user must have a "authentication.kubernetes.io/node-name" claim E0607 12:11:34.471821 2511 pinned_image_set.go:223] failed to update status: machineconfignodes.machineconfiguration.openshift.io "ip-10-0-54-123" is forbidden: ValidatingAdmissionPolicy 'mcn-guards' with binding 'mcn-guards-binding' denied request: this user must have a "authentication.kubernetes.io/node-name" claim E0607 12:11:34.485756 2511 upgrade_monitor.go:265] Error applying MCN status: machineconfignodes.machineconfiguration.openshift.io "ip-10-0-54-123" is forbidden: ValidatingAdmissionPolicy 'mcn-guards' with binding 'mcn-guards-binding' denied request: this user must have a "authentication.kubernetes.io/node-name" claim E0607 12:11:34.485770 2511 pinned_image_set.go:589] Failed to updated machine config node: machineconfignodes.machineconfiguration.openshift.io "ip-10-0-54-123" is forbidden: ValidatingAdmissionPolicy 'mcn-guards' with binding 'mcn-guards-binding' denied request: this user must have a "authentication.kubernetes.io/node-name" claim E0607 12:11:34.500048 2511 upgrade_monitor.go:265] Error applying MCN status: machineconfignodes.machineconfiguration.openshift.io "ip-10-0-54-123" is forbidden: ValidatingAdmissionPolicy 'mcn-guards' with binding 'mcn-guards-binding' denied request: this user must have a "authentication.kubernetes.io/node-name" claim
Version-Release number of selected component (if applicable):
Disconnected baremetal cluster, using flexy-install template private-templates/functionality-testing/aos-4_17/upi-on-baremetal/versioned-installer-aws-disconnected NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.17.0-0.nightly-2024-06-06-061523 True False 5h17m Cluster version is 4.17.0-0.nightly-2024-06-06-061523
How reproducible:
One out of one, but after investigating it it looks like intermittent
Steps to Reproduce:
1. Enable techpreview $ oc patch featuregate cluster --type=merge -p '{"spec":{"featureSet": "TechPreviewNoUpgrade"}}'
Actual results:
MCD pods start spamming this error E0607 12:57:53.105875 2511 upgrade_monitor.go:265] Error applying MCN status: machineconfignodes.machineconfiguration.openshift.io "ip-10-0-54-123" is forbidden: ValidatingAdmissionPolicy 'mcn-guards' with binding 'mcn-guards-binding' denied request: this user must have a "authentication.kubernetes.io/node-name" claim
Expected results:
No errors should be spammed in MCDs
Additional info:
Slack conversation in: https://redhat-internal.slack.com/archives/C02CZNQHGN8/p1717764899536409