Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Undefined
Fix Version/s: 4.21.z
Affects Version/s: 4.19.z
Component/s: Cluster Autoscaler
Labels:
None

Activity Type:
None
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Story Points:
None
Severity:
None
Regression:
None

Target Backport Versions:

4.19.z
Target Version:

4.21.z
Release Blocker:
None
Sprint:
None

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

PX Impact Score:

Release Note Status:
None
Release Note Type:
None
Release Note Text:
None

Escape Reason:
None
Escape Impact:
None
Corrective Measures:
None
SDLC stage when should've been found:
None

Description of problem:

Cluster-autoscaler in OpenShift 4.19.17 is missing RBAC permissions

``` 
for volumeattachments, causing errors:    failed to list *v1.VolumeAttachment: volumeattachments.storage.k8s.io is forbidden: 
    User "system:serviceaccount:openshift-machine-api:cluster-autoscaler" cannot list 
    resource "volumeattachments" in API group "storage.k8s.io" at the cluster scope
```


Fix was merged to main in commit eb9d8e9 (Aug 21, 2025) and included in AUTOSCALE-244 for OpenShift 4.20, but never backported to 4.19 release branch.
https://github.com/openshift/cluster-autoscaler-operator/commit/eb9d8e95aea25c6235a20fd5522d77856b294552

 References:
  - Upstream: kubernetes/autoscaler#7663
  - OpenShift PR: openshift/cluster-autoscaler-operator#351
  - OpenShift JIRA: AUTOSCALE-244 (4.20 only)
  - Commit: eb9d8e95aea25c6235a20fd5522d77856b294552

Workaround is not working as patching the clusterrole gets overwritten, so the error comes back after a while.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

 1. Deploy OpenShift 4.19.x cluster with cluster-autoscaler enabled
 2. Check cluster-autoscaler pod logs in openshift-machine-api namespace
 3. Observe volumeattachment permission errors

Actual results:

Expected results:

Additional info:

clones

OCPBUGS-73892 Backport volumeattachments RBAC permissions to cluster-autoscaler ClusterRole in 4.19.z

Closed

depends on

OCPBUGS-73892 Backport volumeattachments RBAC permissions to cluster-autoscaler ClusterRole in 4.19.z

Closed

is cloned by

OCPBUGS-73953 [release 4.20] Backport volumeattachments RBAC permissions to cluster-autoscaler ClusterRole in 4.19.z

Closed

is depended on by

OCPBUGS-73953 [release 4.20] Backport volumeattachments RBAC permissions to cluster-autoscaler ClusterRole in 4.19.z

Closed

Assignee:: Michael McCune

Reporter:: Abdullah Sikder

Need Info From:: None

Contributors:: None

QA Contact:: Paul Rozehnal

Doc Contact:: None

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2026/01/16 8:14 PM

Updated:: 2026/01/17 12:00 AM

Resolved:: 2026/01/16 8:18 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates