Bug 1865769
| Summary: | [storage cluster operator] the rolebinding name for cluster-storage-operator sa to get kube-system/extension-apiserver-authentication-reader access right likes a temp name | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Qin Ping <piqin> |
| Component: | Storage | Assignee: | Jan Safranek <jsafrane> |
| Storage sub component: | Operators | QA Contact: | Qin Ping <piqin> |
| Status: | CLOSED ERRATA | Docs Contact: | |
| Severity: | medium | ||
| Priority: | medium | CC: | aos-bugs, jsafrane |
| Version: | 4.6 | ||
| Target Milestone: | --- | ||
| Target Release: | 4.6.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-10-27 16:23:11 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
verified with: 4.6.0-0.nightly-2020-08-06-131904 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4196 |
Description of problem: The rolebinding name for cluster-storage-operator sa to get kube-system/extension-apiserver-authentication-reader access right likes a temp name Version-Release number of selected component (if applicable): 4.6.0-0.nightly-2020-08-04-002217 How reproducible: Always Steps to Reproduce: 1. Install OCP4.6 on AWS 2. check the rolebinding name for cluster-storage-operator sa 3. Actual results: The rolebinding name is "foo-role" Expected results: From the code, looks we have an offical name "cluster-storage-operator-authentication-reader", but can not find this rolebinding in kube-system namespace Master Log: Node Log (of failed PODs): PV Dump: PVC Dump: StorageClass Dump (if StorageClass used by PV/PVC): Additional info: $ oc get rolebinding cluster-storage-operator-authentication-reader -n kube-system Error from server (NotFound): rolebindings.rbac.authorization.k8s.io "cluster-storage-operator-authentication-reader" not found $ oc get rolebinding foo-role -n kube-system -oyaml apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: creationTimestamp: "2020-08-04T03:04:45Z" managedFields: - apiVersion: rbac.authorization.k8s.io/v1 fieldsType: FieldsV1 fieldsV1: f:roleRef: f:apiGroup: {} f:kind: {} f:name: {} f:subjects: {} manager: cluster-version-operator operation: Update time: "2020-08-04T03:04:45Z" name: foo-role namespace: kube-system resourceVersion: "888" selfLink: /apis/rbac.authorization.k8s.io/v1/namespaces/kube-system/rolebindings/foo-role uid: c4c25039-f188-417b-94b6-b913dc640285 roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: extension-apiserver-authentication-reader subjects: - kind: ServiceAccount name: cluster-storage-operator namespace: openshift-cluster-storage-operator