Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-5450

events.events.k8s.io is forbidden: User "system:serviceaccount:openshift-kube-descheduler-operator:openshift-descheduler-operand" cannot create resource "events" in API group "events.k8s.io" in the namespace "e2e-test-default-b6y9atnu-jxz6p"

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Undefined Undefined
    • None
    • 4.11.z
    • kube-scheduler
    • None
    • Important
    • None
    • False
    • Hide

      None

      Show
      None

      Description of problem:

      Descheduler cluster log shows error "events.events.k8s.io is forbidden: User "system:serviceaccount:openshift-kube-descheduler-operator:openshift-descheduler-operand" cannot create resource "events" in API group "events.k8s.io" in the namespace "e2e-test-default-b6y9atnu-jxz6p""

      Version-Release number of selected component (if applicable):

      [knarra@knarra openshift-tests-private]$ oc get clusterversion
NAME      VERSION                              AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.11.0-0.nightly-2023-01-04-081902   True        False         8h      Error while reconciling 4.11.0-0.nightly-2023-01-04-081902: the cluster operator insights has not yet successfully rolled out
[

      How reproducible:

      Always

      Steps to Reproduce:

      1. Install latest descheduler operator on 4.11 cluster
2. start to test any of the strategy
3.

      Actual results:

      When looking into the descheduler logs user can see below

E0106 10:33:56.522845       1 event_broadcaster.go:253] Server rejected event '&v1.Event{TypeMeta:v1.TypeMeta{Kind:"", APIVersion:""}, ObjectMeta:v1.ObjectMeta{Name:"d36584-tf7qp.1737b1c2bb84b2f6", GenerateName:"", Namespace:"e2e-test-default-6037gxyl-zgn79", SelfLink:"", UID:"", ResourceVersion:"", Generation:0, CreationTimestamp:time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC), DeletionTimestamp:<nil>, DeletionGracePeriodSeconds:(*int64)(nil), Labels:map[string]string(nil), Annotations:map[string]string(nil), OwnerReferences:[]v1.OwnerReference(nil), Finalizers:[]string(nil), ZZZ_DeprecatedClusterName:"", ManagedFields:[]v1.ManagedFieldsEntry(nil)}, EventTime:time.Date(2023, time.January, 6, 10, 33, 56, 519229907, time.Local), Series:(*v1.EventSeries)(nil), ReportingController:"sigs.k8s.io.descheduler", ReportingInstance:"sigs.k8s.io.descheduler-descheduler-96fff8dd4-rnz7x", Action:"Descheduled", Reason:"RemoveDuplicates", Regarding:v1.ObjectReference{Kind:"Pod", Namespace:"e2e-test-default-6037gxyl-zgn79", Name:"d36584-tf7qp", UID:"7e9d8482-1589-4506-ae51-070d27d6215e", APIVersion:"v1", ResourceVersion:"223467", FieldPath:""}, Related:(*v1.ObjectReference)(nil), Note:"pod evicted by sigs.k8s.io/descheduler", Type:"Normal", DeprecatedSource:v1.EventSource{Component:"", Host:""}, DeprecatedFirstTimestamp:time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC), DeprecatedLastTimestamp:time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC), DeprecatedCount:0}': 'events.events.k8s.io is forbidden: User "system:serviceaccount:openshift-kube-descheduler-operator:openshift-descheduler-operand" cannot create resource "events" in API group "events.k8s.io" in the namespace "e2e-test-default-6037gxyl-zgn79"' (will not retry!)

      Expected results:

      Above error should not be seen

      Additional info:

      events.events.k8s.io is a new resource group which we do not have in the rbac rules yet.

       

              rh-ee-lseveroa Lucas Severo Alves (Inactive)
              knarra@redhat.com Rama Kasturi Narra
              Rama Kasturi Narra Rama Kasturi Narra
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: