Bug 1680504
| Summary: | Log collector is not deployed because of "Failure creating Log collector cluster-reader role binding" | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Qiaoling Tang <qitang> |
| Component: | Logging | Assignee: | Jeff Cantrill <jcantril> |
| Status: | CLOSED ERRATA | QA Contact: | Anping Li <anli> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 4.1.0 | CC: | aos-bugs, ecordell, jcantril, mifiedle, mkhan, nstielau, pweil, qitang, rmeggins, sponnaga |
| Target Milestone: | --- | ||
| Target Release: | 4.1.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | No Doc Update | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-06-04 10:44:27 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Encounter same error when using rsyslog as log collector. Please share the instructions you use for deploying logging via community operators. For me, the workflow for installing via community operators is blocked by bz 1679309. The Operator Hub functionality in the UI keeps going away before I can get the operator installed. Normally the flow is: 1. login to console 2. Catalog -> OperatorHub 3. Show Community Operators -> Cluster Logging 4. Install and wait for the operator to show up in openshift-operators namespace. But, broken for me on 4.0.0-0.nightly-2019-02-26-125216 Is there a way to install logging from community operators without mouse clickety-clack on a UI i.e. using cli? @mike You may hit the OLM bug https://bugzilla.redhat.com/show_bug.cgi?id=1679309. @qitang, the block are updated. Well, https://github.com/operator-framework/community-operators/pull/112 is on hold. Copying in the entire cluster-reader definition into the CSV for cluster-logging-operator is too fragile to be accepted because the definition of cluster-reader changes quite often. I also attempted to request support for being able to specify the roleRef: cluster-reader in the CSV: https://github.com/operator-framework/operator-lifecycle-manager/issues/732 - but apparently OLM already supports this, but not https://github.com/operator-framework/community-operators - I'm waiting for clarification from Evan about what he meant by this before I file an issue against https://github.com/operator-framework/community-operators In the meantime, we have no other choice but to begin the process of figuring out exactly what rbac rules are needed by fluentd, and therefore cluster-logging-operator. I'll be working on this. As far as TestBlocker goes, I've been able to workaround the problem by manually adding cluster-reader to cluster-logging-operator. Copy the lines from here to the end of the file to a file: https://github.com/openshift/cluster-logging-operator/blob/master/manifests/04-role-binding.yaml#L46 Then - oc create -f file.yaml Then fluentd should be able to start. Test bolcked by https://bugzilla.redhat.com/show_bug.cgi?id=1683701 Verified in 4.0.0-0.nightly-2019-03-05-065158 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:0758 |
Description of problem: Deploy logging via community-operators, check pods in "openshift-logging" namespace, no fluentd pod. Log in cluster-logging-operator pod shows: error syncing key (openshift-logging/example): Unable to create or update collection: Failure creating Log collector cluster-reader role binding: clusterrolebindings.rbac.authorization.k8s.io \"openshift-logging-collector-cluster-reader\" is forbidden: user \"system:serviceaccount:openshift-operators:cluster-logging-operator\" (groups=[\"system:serviceaccounts\" \"system:serviceaccounts:openshift-operators\" \"system:authenticated\"]) is attempting to grant RBAC permissions not currently held $ oc get pod -n openshift-logging NAME READY STATUS RESTARTS AGE elasticsearch-clientdatamaster-0-1-c947dbb7-c589t 1/1 Running 0 5m35s elasticsearch-clientdatamaster-0-2-548b599dcf-x4hbf 1/1 Running 0 5m34s kibana-7fb4fd4cc9-qcxqt 2/2 Running 0 5m34s $ oc get ds -n openshift-logging No resources found. log in cluster-logging-operator pod: time="2019-02-25T06:20:12Z" level=error msg="error syncing key (openshift-logging/example): Unable to create or update collection: Failure creating Log collector cluster-reader role binding: clusterrolebindings.rbac.authorization.k8s.io \"openshift-logging-collector-cluster-reader\" is forbidden: user \"system:serviceaccount:openshift-operators:cluster-logging-operator\" (groups=[\"system:serviceaccounts\" \"system:serviceaccounts:openshift-operators\" \"system:authenticated\"]) is attempting to grant RBAC permissions not currently held:\n{APIGroups:[\"\"], Resources:[\"appliedclusterresourcequotas\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"bindings\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"brokertemplateinstances\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"buildconfigs\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"buildconfigs/webhooks\"], Verbs:[\"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"buildlogs\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"builds\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"builds/details\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"builds/log\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"clusternetworks\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"clusterresourcequotas\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"clusterresourcequotas/status\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"clusterrolebindings\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"clusterroles\"], Verbs:[\"watch\"]}\n{APIGroups:[\"\"], Resources:[\"componentstatuses\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"deploymentconfigs\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"deploymentconfigs/log\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"deploymentconfigs/scale\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"deploymentconfigs/status\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"egressnetworkpolicies\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"groups\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"hostsubnets\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"identities\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"images\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"imagesignatures\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"imagestreamimages\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"imagestreammappings\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"imagestreams\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"imagestreams/layers\"], Verbs:[\"get\"]}\n{APIGroups:[\"\"], Resources:[\"imagestreams/status\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"imagestreamtags\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"limitranges\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"localresourceaccessreviews\"], Verbs:[\"create\"]}\n{APIGroups:[\"\"], Resources:[\"localsubjectaccessreviews\"], Verbs:[\"create\"]}\n{APIGroups:[\"\"], Resources:[\"namespaces\"], Verbs:[\"get\" \"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"namespaces/status\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"netnamespaces\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"nodes\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"nodes/metrics\"], Verbs:[\"get\"]}\n{APIGroups:[\"\"], Resources:[\"nodes/spec\"], Verbs:[\"get\"]}\n{APIGroups:[\"\"], Resources:[\"nodes/stats\"], Verbs:[\"create\" \"get\"]}\n{APIGroups:[\"\"], Resources:[\"nodes/status\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"oauthclientauthorizations\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"persistentvolumeclaims/status\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"persistentvolumes\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"persistentvolumes/status\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"pods/binding\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"pods/eviction\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"pods/log\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"pods/status\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"podsecuritypolicyreviews\"], Verbs:[\"create\"]}\n{APIGroups:[\"\"], Resources:[\"podsecuritypolicyselfsubjectreviews\"], Verbs:[\"create\"]}\n{APIGroups:[\"\"], Resources:[\"podsecuritypolicysubjectreviews\"], Verbs:[\"create\"]}\n{APIGroups:[\"\"], Resources:[\"podtemplates\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"processedtemplates\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"projectrequests\"], Verbs:[\"get\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"projects\"], Verbs:[\"get\"]}\n{APIGroups:[\"\"], Resources:[\"replicationcontrollers\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"replicationcontrollers/scale\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"replicationcontrollers/status\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"resourceaccessreviews\"], Verbs:[\"create\"]}\n{APIGroups:[\"\"], Resources:[\"resourcequotas\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"resourcequotas/status\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"resourcequotausages\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"rolebindingrestrictions\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"rolebindings\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"roles\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"routes\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"routes/status\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"securitycontextconstraints\"], Verbs:[\"get\" \"list\" \"watch\" \"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"services/status\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"subjectaccessreviews\"], Verbs:[\"create\"]}\n{APIGroups:[\"\"], Resources:[\"subjectrulesreviews\"], Verbs:[\"create\"]}\n{APIGroups:[\"\"], Resources:[\"templateconfigs\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"templateinstances\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"templateinstances/status\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"templates\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"useridentitymappings\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"\"], Resources:[\"users\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"admissionregistration.k8s.io\"], Resources:[\"mutatingwebhookconfigurations\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"admissionregistration.k8s.io\"], Resources:[\"validatingwebhookconfigurations\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"apiextensions.k8s.io\"], Resources:[\"customresourcedefinitions\"], ResourceNames:[\"clusterloggings.logging.openshift.io\"], Verbs:[\"get\"]}\n{APIGroups:[\"apiextensions.k8s.io\"], Resources:[\"customresourcedefinitions\"], ResourceNames:[\"elasticsearches.logging.openshift.io\"], Verbs:[\"get\"]}\n{APIGroups:[\"apiextensions.k8s.io\"], Resources:[\"customresourcedefinitions\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"apiextensions.k8s.io\"], Resources:[\"customresourcedefinitions/status\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"apiregistration.k8s.io\"], Resources:[\"apiservices\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"apiregistration.k8s.io\"], Resources:[\"apiservices/status\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"apps\"], Resources:[\"controllerrevisions\"], Verbs:[\"get\" \"list\" \"watch\" \"get\" \"list\" \"watch\"]}\n{APIGroups:[\"apps\"], Resources:[\"daemonsets/status\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"apps\"], Resources:[\"deployments/scale\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"apps\"], Resources:[\"deployments/status\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"apps\"], Resources:[\"replicasets/scale\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"apps\"], Resources:[\"replicasets/status\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"apps\"], Resources:[\"statefulsets/scale\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"apps\"], Resources:[\"statefulsets/status\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"apps.openshift.io\"], Resources:[\"deploymentconfigs\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"apps.openshift.io\"], Resources:[\"deploymentconfigs/log\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"apps.openshift.io\"], Resources:[\"deploymentconfigs/scale\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"apps.openshift.io\"], Resources:[\"deploymentconfigs/status\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"authentication.k8s.io\"], Resources:[\"tokenreviews\"], Verbs:[\"create\"]}\n{APIGroups:[\"authorization.k8s.io\"], Resources:[\"localsubjectaccessreviews\"], Verbs:[\"create\"]}\n{APIGroups:[\"authorization.k8s.io\"], Resources:[\"subjectaccessreviews\"], Verbs:[\"create\"]}\n{APIGroups:[\"authorization.openshift.io\"], Resources:[\"clusterrolebindings\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"authorization.openshift.io\"], Resources:[\"clusterroles\"], Verbs:[\"watch\"]}\n{APIGroups:[\"authorization.openshift.io\"], Resources:[\"localresourceaccessreviews\"], Verbs:[\"create\"]}\n{APIGroups:[\"authorization.openshift.io\"], Resources:[\"localsubjectaccessreviews\"], Verbs:[\"create\"]}\n{APIGroups:[\"authorization.openshift.io\"], Resources:[\"resourceaccessreviews\"], Verbs:[\"create\"]}\n{APIGroups:[\"authorization.openshift.io\"], Resources:[\"rolebindingrestrictions\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"authorization.openshift.io\"], Resources:[\"rolebindings\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"authorization.openshift.io\"], Resources:[\"roles\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"authorization.openshift.io\"], Resources:[\"subjectaccessreviews\"], Verbs:[\"create\"]}\n{APIGroups:[\"authorization.openshift.io\"], Resources:[\"subjectrulesreviews\"], Verbs:[\"create\"]}\n{APIGroups:[\"autoscaling\"], Resources:[\"horizontalpodautoscalers\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"autoscaling\"], Resources:[\"horizontalpodautoscalers/status\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"batch\"], Resources:[\"cronjobs/status\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"batch\"], Resources:[\"jobs\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"batch\"], Resources:[\"jobs/status\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"build.openshift.io\"], Resources:[\"buildconfigs\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"build.openshift.io\"], Resources:[\"buildconfigs/webhooks\"], Verbs:[\"list\" \"watch\"]}\n{APIGroups:[\"build.openshift.io\"], Resources:[\"buildlogs\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"build.openshift.io\"], Resources:[\"builds\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"build.openshift.io\"], Resources:[\"builds/details\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"build.openshift.io\"], Resources:[\"builds/log\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"build.openshift.io\"], Resources:[\"jenkins\"], Verbs:[\"view\"]}\n{APIGroups:[\"certificates.k8s.io\"], Resources:[\"certificatesigningrequests\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"certificates.k8s.io\"], Resources:[\"certificatesigningrequests/approval\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"certificates.k8s.io\"], Resources:[\"certificatesigningrequests/status\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"coordination.k8s.io\"], Resources:[\"leases\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"events.k8s.io\"], Resources:[\"events\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"extensions\"], Resources:[\"daemonsets\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"extensions\"], Resources:[\"daemonsets/status\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"extensions\"], Resources:[\"deployments\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"extensions\"], Resources:[\"deployments/scale\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"extensions\"], Resources:[\"deployments/status\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"extensions\"], Resources:[\"horizontalpodautoscalers\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"extensions\"], Resources:[\"horizontalpodautoscalers/status\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"extensions\"], Resources:[\"ingresses\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"extensions\"], Resources:[\"ingresses/status\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"extensions\"], Resources:[\"jobs\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"extensions\"], Resources:[\"jobs/status\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"extensions\"], Resources:[\"networkpolicies\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"extensions\"], Resources:[\"podsecuritypolicies\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"extensions\"], Resources:[\"replicasets\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"extensions\"], Resources:[\"replicasets/scale\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"extensions\"], Resources:[\"replicasets/status\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"extensions\"], Resources:[\"replicationcontrollers\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"extensions\"], Resources:[\"replicationcontrollers/scale\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"extensions\"], Resources:[\"storageclasses\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"extensions\"], Resources:[\"thirdpartyresources\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"image.openshift.io\"], Resources:[\"images\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"image.openshift.io\"], Resources:[\"imagesignatures\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"image.openshift.io\"], Resources:[\"imagestreamimages\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"image.openshift.io\"], Resources:[\"imagestreammappings\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"image.openshift.io\"], Resources:[\"imagestreams\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"image.openshift.io\"], Resources:[\"imagestreams/layers\"], Verbs:[\"get\"]}\n{APIGroups:[\"image.openshift.io\"], Resources:[\"imagestreams/status\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"image.openshift.io\"], Resources:[\"imagestreamtags\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"monitoring.coreos.com\"], Resources:[\"alertmanagers\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"monitoring.coreos.com\"], Resources:[\"prometheuses\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"monitoring.coreos.com\"], Resources:[\"prometheusrules\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"monitoring.coreos.com\"], Resources:[\"servicemonitors\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"network.openshift.io\"], Resources:[\"clusternetworks\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"network.openshift.io\"], Resources:[\"egressnetworkpolicies\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"network.openshift.io\"], Resources:[\"hostsubnets\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"network.openshift.io\"], Resources:[\"netnamespaces\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"networking.k8s.io\"], Resources:[\"networkpolicies\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"oauth.openshift.io\"], Resources:[\"oauthclientauthorizations\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"operators.coreos.com\"], Resources:[\"catalogsources\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"operators.coreos.com\"], Resources:[\"clusterserviceversions\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"operators.coreos.com\"], Resources:[\"installplans\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"operators.coreos.com\"], Resources:[\"packagemanifests\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"operators.coreos.com\"], Resources:[\"subscriptions\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"packages.apps.redhat.com\"], Resources:[\"\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"policy\"], Resources:[\"poddisruptionbudgets\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"policy\"], Resources:[\"poddisruptionbudgets/status\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"policy\"], Resources:[\"podsecuritypolicies\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"project.openshift.io\"], Resources:[\"projectrequests\"], Verbs:[\"get\" \"watch\"]}\n{APIGroups:[\"project.openshift.io\"], Resources:[\"projects\"], Verbs:[\"get\"]}\n{APIGroups:[\"quota.openshift.io\"], Resources:[\"appliedclusterresourcequotas\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"quota.openshift.io\"], Resources:[\"clusterresourcequotas\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"quota.openshift.io\"], Resources:[\"clusterresourcequotas/status\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"route.openshift.io\"], Resources:[\"routes/status\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"security.openshift.io\"], Resources:[\"podsecuritypolicyreviews\"], Verbs:[\"create\"]}\n{APIGroups:[\"security.openshift.io\"], Resources:[\"podsecuritypolicyselfsubjectreviews\"], Verbs:[\"create\"]}\n{APIGroups:[\"security.openshift.io\"], Resources:[\"podsecuritypolicysubjectreviews\"], Verbs:[\"create\"]}\n{APIGroups:[\"security.openshift.io\"], Resources:[\"rangeallocations\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"security.openshift.io\"], Resources:[\"securitycontextconstraints\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"settings.k8s.io\"], Resources:[\"podpresets\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"storage.k8s.io\"], Resources:[\"storageclasses\"], Verbs:[\"watch\"]}\n{APIGroups:[\"storage.k8s.io\"], Resources:[\"volumeattachments\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"template.openshift.io\"], Resources:[\"brokertemplateinstances\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"template.openshift.io\"], Resources:[\"processedtemplates\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"template.openshift.io\"], Resources:[\"templateconfigs\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"template.openshift.io\"], Resources:[\"templateinstances\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"template.openshift.io\"], Resources:[\"templateinstances/status\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"template.openshift.io\"], Resources:[\"templates\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"user.openshift.io\"], Resources:[\"groups\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"user.openshift.io\"], Resources:[\"identities\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"user.openshift.io\"], Resources:[\"useridentitymappings\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"user.openshift.io\"], Resources:[\"users\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{NonResourceURLs:[\"*\"], Verbs:[\"get\"]}" Version-Release number of selected component (if applicable): $ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.0.0-0.nightly-2019-02-24-045124 True False 5h14m Cluster version is 4.0.0-0.nightly-2019-02-24-045124 How reproducible: Always Steps to Reproduce: 1. Deploy logging via community-operators 2. check pods in "openshift-logging" namespace 3. Actual results: Expected results: Additional info: