-
Bug
-
Resolution: Done
-
Undefined
-
None
-
4.11.z
-
None
-
Important
-
None
-
False
-
Description of problem:
Descheduler cluster log shows error "events.events.k8s.io is forbidden: User "system:serviceaccount:openshift-kube-descheduler-operator:openshift-descheduler-operand" cannot create resource "events" in API group "events.k8s.io" in the namespace "e2e-test-default-b6y9atnu-jxz6p""
Version-Release number of selected component (if applicable):
[knarra@knarra openshift-tests-private]$ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.11.0-0.nightly-2023-01-04-081902 True False 8h Error while reconciling 4.11.0-0.nightly-2023-01-04-081902: the cluster operator insights has not yet successfully rolled out [
How reproducible:
Always
Steps to Reproduce:
1. Install latest descheduler operator on 4.11 cluster 2. start to test any of the strategy 3.
Actual results:
When looking into the descheduler logs user can see below
E0106 10:33:56.522845 1 event_broadcaster.go:253] Server rejected event '&v1.Event{TypeMeta:v1.TypeMeta{Kind:"", APIVersion:""}, ObjectMeta:v1.ObjectMeta{Name:"d36584-tf7qp.1737b1c2bb84b2f6", GenerateName:"", Namespace:"e2e-test-default-6037gxyl-zgn79", SelfLink:"", UID:"", ResourceVersion:"", Generation:0, CreationTimestamp:time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC), DeletionTimestamp:<nil>, DeletionGracePeriodSeconds:(*int64)(nil), Labels:map[string]string(nil), Annotations:map[string]string(nil), OwnerReferences:[]v1.OwnerReference(nil), Finalizers:[]string(nil), ZZZ_DeprecatedClusterName:"", ManagedFields:[]v1.ManagedFieldsEntry(nil)}, EventTime:time.Date(2023, time.January, 6, 10, 33, 56, 519229907, time.Local), Series:(*v1.EventSeries)(nil), ReportingController:"sigs.k8s.io.descheduler", ReportingInstance:"sigs.k8s.io.descheduler-descheduler-96fff8dd4-rnz7x", Action:"Descheduled", Reason:"RemoveDuplicates", Regarding:v1.ObjectReference{Kind:"Pod", Namespace:"e2e-test-default-6037gxyl-zgn79", Name:"d36584-tf7qp", UID:"7e9d8482-1589-4506-ae51-070d27d6215e", APIVersion:"v1", ResourceVersion:"223467", FieldPath:""}, Related:(*v1.ObjectReference)(nil), Note:"pod evicted by sigs.k8s.io/descheduler", Type:"Normal", DeprecatedSource:v1.EventSource{Component:"", Host:""}, DeprecatedFirstTimestamp:time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC), DeprecatedLastTimestamp:time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC), DeprecatedCount:0}': 'events.events.k8s.io is forbidden: User "system:serviceaccount:openshift-kube-descheduler-operator:openshift-descheduler-operand" cannot create resource "events" in API group "events.k8s.io" in the namespace "e2e-test-default-6037gxyl-zgn79"' (will not retry!)
Expected results:
Above error should not be seen
Additional info:
events.events.k8s.io is a new resource group which we do not have in the rbac rules yet.
- clones
-
-
- Closed
-
- depends on
-
-
- Closed
-
- links to
[OCPBUGS-5450] events.events.k8s.io is forbidden: User "system:serviceaccount:openshift-kube-descheduler-operator:openshift-descheduler-operand" cannot create resource "events" in API group "events.k8s.io" in the namespace "e2e-test-default-b6y9atnu-jxz6p"
Rama Kasturi Narra
added a comment - Verified bug with below clusterversion and descheduler bits and did not see the reported error any more. Based on this moving the bug to verified state
[knarra@knarra flexy-templates]$ oc get clusterversion
NAME VERSION AVAILABLE PROGRESSING SINCE STATUS
version 4.11.0-0.nightly-2023-01-10-195337 True False 5h51m Cluster version is 4.11.0-0.nightly-2023-01-10-195337
[knarra@knarra flexy-templates]$ oc get csv -n openshift-kube-descheduler-operator
NAME DISPLAY VERSION REPLACES PHASE
clusterkubedescheduleroperator.4.11.0-202301062015 Kube Descheduler Operator 4.11.0-202301062015 clusterkubedescheduleroperator.4.11.0-202212141745 Succeeded
Rama Kasturi Narra
added a comment - Verified bug with below clusterversion and descheduler bits and did not see the reported error any more. Based on this moving the bug to verified state
[knarra@knarra flexy-templates] $ oc get clusterversion
NAME VERSION AVAILABLE PROGRESSING SINCE STATUS
version 4.11.0-0.nightly-2023-01-10-195337 True False 5h51m Cluster version is 4.11.0-0.nightly-2023-01-10-195337
[knarra@knarra flexy-templates] $ oc get csv -n openshift-kube-descheduler-operator
NAME DISPLAY VERSION REPLACES PHASE
clusterkubedescheduleroperator.4.11.0-202301062015 Kube Descheduler Operator 4.11.0-202301062015 clusterkubedescheduleroperator.4.11.0-202212141745 Succeeded Rama Kasturi Narra
added a comment - Did not see a new build for descheduler for 4.11. Once a new build comes in will start to verify the bug here.
Rama Kasturi Narra
added a comment - Did not see a new build for descheduler for 4.11. Once a new build comes in will start to verify the bug here. 
Since the problem described in this issue should be resolved in a recent advisory, it has been closed.
For information on the advisory, and where to find the updated files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHSA-2023:0069