Uploaded image for project: 'MicroShift'
  1. MicroShift
  2. USHIFT-1654

rebase script is not updating openshift-router manifests

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • openshift-4.14
    • openshift-4.14
    • Networking
    • None
    • 5
    • False
    • Hide

      None

      Show
      None
    • False
    • uShift Sprint 241

      Description of problem:

      The route-controller-manager depends on manifests from the cluster-ingress-operator repo.  A recent change[0] has added additional cluster resources watches.  However, the manifests have not been updated in microshift, causing the route-controller-manager to spam logs with 'Failed to watch resource ...' messages.

We need to fix the rebase script asap and ensure that microshift/assets/components/openshift-router are updated.

Whatever affect this has on MicroShift's network orchestration hasn't been exposed in tests.

      [0][https://github.com/openshift/route-controller-manager/pull/28]

      Version-Release number of selected component (if applicable):

       

      How reproducible:

      100%

      Steps to Reproduce:

      1. Build microshift from main:HEAD, and install
2. Start the microshift service
3. Observe log spam generated by the route-controller-manager
   journalctl -fu microshift

      Actual results:

      Sep 01 19:55:52 microshift-dev.local microshift[57467]: route-controller-manager W0901 19:55:52.464795   57467 reflector.go:533] k8s.io/client-go/informers/factory.go:150: failed to list *v1.Service: services is forbidden: User "system:serviceaccount:openshift-route-controller-manager:route-controller-manager-sa" cannot list resource "services" in API group "" at the cluster sc>
Sep 01 19:55:52 microshift-dev.local microshift[57467]: route-controller-manager E0901 19:55:52.465330   57467 reflector.go:148] k8s.io/client-go/informers/factory.go:150: Failed to watch *v1.Service: failed to list *v1.Service: services is forbidden: User "system:serviceaccount:openshift-route-controller-manager:route-controller-manager-sa" cannot list resource "services" in A>
Sep 01 19:55:58 microshift-dev.local microshift[57467]: route-controller-manager W0901 19:55:58.380823   57467 reflector.go:533] k8s.io/client-go/informers/factory.go:150: failed to list *v1.IngressClass: ingressclasses.networking.k8s.io is forbidden: User "system:serviceaccount:openshift-route-controller-manager:route-controller-manager-sa" cannot list resource "ingressclasses>
Sep 01 19:55:58 microshift-dev.local microshift[57467]: route-controller-manager E0901 19:55:58.381244   57467 reflector.go:148] k8s.io/client-go/informers/factory.go:150: Failed to watch *v1.IngressClass: failed to list *v1.IngressClass: ingressclasses.networking.k8s.io is forbidden: User "system:serviceaccount:openshift-route-controller-manager:route-controller-manager-sa" ca>
Sep 01 19:56:03 microshift-dev.local microshift[57467]: route-controller-manager W0901 19:56:03.007758   57467 reflector.go:533] github.com/openshift/client-go/route/informers/externalversions/factory.go:101: failed to list *v1.Route: routes.route.openshift.io is forbidden: User "system:serviceaccount:openshift-route-controller-manager:route-controller-manager-sa" cannot list r>
Sep 01 19:56:03 microshift-dev.local microshift[57467]: route-controller-manager E0901 19:56:03.008534   57467 reflector.go:148] github.com/openshift/client-go/route/informers/externalversions/factory.go:101: Failed to watch *v1.Route: failed to list *v1.Route: routes.route.openshift.io is forbidden: User "system:serviceaccount:openshift-route-controller-manager:route-controlle>
Sep 01 19:56:11 microshift-dev.local microshift[57467]: route-controller-manager W0901 19:56:11.403699   57467 reflector.go:533] k8s.io/client-go/informers/factory.go:150: failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:openshift-route-controller-manager:route-controller-manager-sa" cannot list resource "secrets" in API group "" at the cluster scope
Sep 01 19:56:11 microshift-dev.local microshift[57467]: route-controller-manager E0901 19:56:11.405723   57467 reflector.go:148] k8s.io/client-go/informers/factory.go:150: Failed to watch *v1.Secret: failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:openshift-route-controller-manager:route-controller-manager-sa" cannot list resource "secrets" in API g>
Sep 01 19:56:21 microshift-dev.local microshift[57467]: route-controller-manager W0901 19:56:21.803124   57467 reflector.go:533] k8s.io/client-go/informers/factory.go:150: failed to list *v1.Ingress: ingresses.networking.k8s.io is forbidden: User "system:serviceaccount:openshift-route-controller-manager:route-controller-manager-sa" cannot list resource "ingresses" in API group

      Expected results:

      there should be no rbac related warnings produced after the route-controller-manager service-manager completes.

      Additional info:

      See slack thread: https://redhat-internal.slack.com/archives/C03CJTNLKAT/p1691586588458619

       
       

              jcope@redhat.com Jon Cope
              jcope@redhat.com Jon Cope
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: