-
Bug
-
Resolution: Unresolved
-
Critical
-
None
-
4.22.0
-
None
-
None
-
False
-
-
None
-
Critical
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
Description of problem:
openshift-cnv/kubevirt-apiserver-proxy- and openshift-cnv/kubevirt-console-plugin- should not use the default service account. As part of OCPSTRAT-2401, core OpenShift components should not be using default service account, but rather their own bespoke service account. Location of code for openshift-cnv/kubevirt-apiserver-proxy- pods should be somewhere around https://github.com/kubevirt-ui/kubevirt-apiserver-proxy . Location of code for openshift-cnv/kubevirt-console-plugin- pods is located at https://github.com/kubevirt/hyperconverged-cluster-operator/blob/2acfe23734f2f022094b52fc2578106d3451883d/controllers/operands/kubevirtConsolePlugin.go#L66 .
Version-Release number of selected component (if applicable):
How reproducible:
Showing up in this monitor test https://prow.ci.openshift.org/view/gs/test-platform-results/logs/periodic-ci-openshift-ovn-kubernetes-release-4.22-periodics-e2e-metal-ipi-ovn-bgp-virt-dualstack/2008010906675449856 .
Steps to Reproduce:
Running this test periodic-ci-openshift-ovn-kubernetes-release-4.22-periodics-e2e-metal-ipi-ovn-bgp-virt-dualstack should show that the default service account monitor tests detect these pods using default service account.
Actual results:
These pods are using default service account.
Expected results:
These pods should be using their own bespoke service accounts.
Additional info:
- blocks
-
OCPSTRAT-2401 Ensure Default Service Accounts are not used by OpenShift Operators
-
- In Progress
-
- links to
- mentioned on
