Bug 1883458

Summary: Move range allocations to CRD's
Product: OpenShift Container Platform Reporter: RamaKasturi <knarra>
Component: kube-controller-managerAssignee: David Eads <deads>
Status: CLOSED ERRATA QA Contact: RamaKasturi <knarra>
Severity: high Docs Contact:
Priority: high    
Version: 4.6CC: aos-bugs, deads, maszulik, mfojtik, mgugino, wking
Target Milestone: ---   
Target Release: 4.6.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1886022 (view as bug list) Environment:
Last Closed: 2020-10-27 16:45:59 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1886022    
Bug Blocks:    

Description RamaKasturi 2020-09-29 09:28:32 UTC 
Description of problem:
When verifying the bug https://bugzilla.redhat.com/show_bug.cgi?id=1861917 here found below errors in the cluster-policy-controller.log file and it looks like we might need to move range allocations to CRD's.

[core@ip-10-0-23-53 ~]$ cat  /var/log/bootstrap-control-plane/cluster-policy-controller.log | grep "E0"
E0923 10:53:48.265108       1 reflector.go:127] k8s.io/client-go.0-rc.2/tools/cache/reflector.go:156: Failed to watch *v1.ClusterResourceQuota: failed to list *v1.ClusterResourceQuota: the server could not find the requested resource (get clusterresourcequotas.quota.openshift.io)
E0923 10:53:48.283894       1 reflector.go:127] k8s.io/client-go.0-rc.2/tools/cache/reflector.go:156: Failed to watch *v1.ImageStream: failed to list *v1.ImageStream: the server could not find the requested resource (get imagestreams.image.openshift.io)
E0923 10:53:48.324639       1 namespace_scc_allocation_controller.go:258] rangeallocations.security.openshift.io "scc-uid" is forbidden: User "system:serviceaccount:openshift-infra:namespace-security-allocation-controller" cannot get resource "rangeallocations" in API group "security.openshift.io" at the cluster scope
E0923 10:53:49.521481       1 reflector.go:127] k8s.io/client-go.0-rc.2/tools/cache/reflector.go:156: Failed to watch *v1.ImageStream: failed to list *v1.ImageStream: the server could not find the requested resource (get imagestreams.image.openshift.io)
E0923 10:53:49.768559       1 reflector.go:127] k8s.io/client-go.0-rc.2/tools/cache/reflector.go:156: Failed to watch *v1.ClusterResourceQuota: failed to list *v1.ClusterResourceQuota: the server could not find the requested resource (get clusterresourcequotas.quota.openshift.io)
E0923 10:53:51.524213       1 reflector.go:127] k8s.io/client-go.0-rc.2/tools/cache/reflector.go:156: Failed to watch *v1.ImageStream: failed to list *v1.ImageStream: the server could not find the requested resource (get imagestreams.image.openshift.io)
E0923 10:53:51.918415       1 reflector.go:127] k8s.io/client-go.0-rc.2/tools/cache/reflector.go:156: Failed to watch *v1.ClusterResourceQuota: failed to list *v1.ClusterResourceQuota: the server could not find the requested resource (get clusterresourcequotas.quota.openshift.io)
E0923 10:53:56.798612       1 reflector.go:127] k8s.io/client-go.0-rc.2/tools/cache/reflector.go:156: Failed to watch *v1.ImageStream: failed to list *v1.ImageStream: the server could not find the requested resource (get imagestreams.image.openshift.io)
E0923 10:53:58.372575       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 10:54:08.339319       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 10:54:09.311320       1 reflector.go:127] k8s.io/client-go.0-rc.2/tools/cache/reflector.go:156: Failed to watch *v1.ImageStream: failed to list *v1.ImageStream: the server could not find the requested resource (get imagestreams.image.openshift.io)
E0923 10:54:18.393299       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 10:54:28.345494       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 10:54:32.979585       1 reflector.go:127] k8s.io/client-go.0-rc.2/tools/cache/reflector.go:156: Failed to watch *v1.ImageStream: failed to list *v1.ImageStream: the server could not find the requested resource (get imagestreams.image.openshift.io)
E0923 10:54:38.381531       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 10:54:48.383548       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 10:54:58.411687       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 10:55:05.326135       1 reflector.go:127] k8s.io/client-go.0-rc.2/tools/cache/reflector.go:156: Failed to watch *v1.ImageStream: failed to list *v1.ImageStream: the server could not find the requested resource (get imagestreams.image.openshift.io)
E0923 10:55:08.335222       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 10:55:18.336587       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 10:55:28.335302       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 10:55:38.338179       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 10:55:48.084496       1 reflector.go:127] k8s.io/client-go.0-rc.2/tools/cache/reflector.go:156: Failed to watch *v1.ImageStream: failed to list *v1.ImageStream: the server could not find the requested resource (get imagestreams.image.openshift.io)
E0923 10:55:48.340012       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 10:55:58.334185       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 10:56:08.332142       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 10:56:18.336497       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 10:56:28.339688       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 10:56:38.341022       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 10:56:45.189966       1 reflector.go:127] k8s.io/client-go.0-rc.2/tools/cache/reflector.go:156: Failed to watch *v1.ImageStream: failed to list *v1.ImageStream: the server could not find the requested resource (get imagestreams.image.openshift.io)
E0923 10:56:48.338290       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 10:56:58.338209       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 10:57:08.337998       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 10:57:18.332250       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 10:57:20.983052       1 reflector.go:127] k8s.io/client-go.0-rc.2/tools/cache/reflector.go:156: Failed to watch *v1.ImageStream: failed to list *v1.ImageStream: the server could not find the requested resource (get imagestreams.image.openshift.io)
E0923 10:57:28.331742       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 10:57:38.334026       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 10:57:48.337327       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 10:57:58.337233       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 10:58:08.337462       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 10:58:18.337001       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 10:58:18.797095       1 reflector.go:127] k8s.io/client-go.0-rc.2/tools/cache/reflector.go:156: Failed to watch *v1.ImageStream: failed to list *v1.ImageStream: the server could not find the requested resource (get imagestreams.image.openshift.io)
E0923 10:58:28.337135       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 10:58:38.337125       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 10:58:48.336420       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 10:58:48.337833       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 10:58:51.013496       1 reconciliation_controller.go:123] initial monitor sync has error: [couldn't start monitor for resource "cloudcredential.openshift.io/v1, Resource=credentialsrequests": unable to monitor quota for resource "cloudcredential.openshift.io/v1, Resource=credentialsrequests", couldn't start monitor for resource "monitoring.coreos.com/v1, Resource=probes": unable to monitor quota for resource "monitoring.coreos.com/v1, Resource=probes", couldn't start monitor for resource "operators.coreos.com/v1alpha1, Resource=catalogsources": unable to monitor quota for resource "operators.coreos.com/v1alpha1, Resource=catalogsources", couldn't start monitor for resource "machine.openshift.io/v1beta1, Resource=machinehealthchecks": unable to monitor quota for resource "machine.openshift.io/v1beta1, Resource=machinehealthchecks", couldn't start monitor for resource "monitoring.coreos.com/v1, Resource=prometheuses": unable to monitor quota for resource "monitoring.coreos.com/v1, Resource=prometheuses", couldn't start monitor for resource "operators.coreos.com/v1alpha1, Resource=installplans": unable to monitor quota for resource "operators.coreos.com/v1alpha1, Resource=installplans", couldn't start monitor for resource "monitoring.coreos.com/v1, Resource=thanosrulers": unable to monitor quota for resource "monitoring.coreos.com/v1, Resource=thanosrulers", couldn't start monitor for resource "monitoring.coreos.com/v1, Resource=prometheusrules": unable to monitor quota for resource "monitoring.coreos.com/v1, Resource=prometheusrules", couldn't start monitor for resource "controlplane.operator.openshift.io/v1alpha1, Resource=podnetworkconnectivitychecks": unable to monitor quota for resource "controlplane.operator.openshift.io/v1alpha1, Resource=podnetworkconnectivitychecks", couldn't start monitor for resource "operator.openshift.io/v1, Resource=ingresscontrollers": unable to monitor quota for resource "operator.openshift.io/v1, Resource=ingresscontrollers", couldn't start monitor for resource "tuned.openshift.io/v1, Resource=profiles": unable to monitor quota for resource "tuned.openshift.io/v1, Resource=profiles", couldn't start monitor for resource "tuned.openshift.io/v1, Resource=tuneds": unable to monitor quota for resource "tuned.openshift.io/v1, Resource=tuneds", couldn't start monitor for resource "metal3.io/v1alpha1, Resource=baremetalhosts": unable to monitor quota for resource "metal3.io/v1alpha1, Resource=baremetalhosts", couldn't start monitor for resource "operators.coreos.com/v1alpha1, Resource=clusterserviceversions": unable to monitor quota for resource "operators.coreos.com/v1alpha1, Resource=clusterserviceversions", couldn't start monitor for resource "ingress.operator.openshift.io/v1, Resource=dnsrecords": unable to monitor quota for resource "ingress.operator.openshift.io/v1, Resource=dnsrecords", couldn't start monitor for resource "network.operator.openshift.io/v1, Resource=operatorpkis": unable to monitor quota for resource "network.operator.openshift.io/v1, Resource=operatorpkis", couldn't start monitor for resource "operators.coreos.com/v1, Resource=operatorgroups": unable to monitor quota for resource "operators.coreos.com/v1, Resource=operatorgroups", couldn't start monitor for resource "machine.openshift.io/v1beta1, Resource=machinesets": unable to monitor quota for resource "machine.openshift.io/v1beta1, Resource=machinesets", couldn't start monitor for resource "monitoring.coreos.com/v1, Resource=servicemonitors": unable to monitor quota for resource "monitoring.coreos.com/v1, Resource=servicemonitors", couldn't start monitor for resource "monitoring.coreos.com/v1, Resource=podmonitors": unable to monitor quota for resource "monitoring.coreos.com/v1, Resource=podmonitors", couldn't start monitor for resource "operators.coreos.com/v1alpha1, Resource=subscriptions": unable to monitor quota for resource "operators.coreos.com/v1alpha1, Resource=subscriptions", couldn't start monitor for resource "machine.openshift.io/v1beta1, Resource=machines": unable to monitor quota for resource "machine.openshift.io/v1beta1, Resource=machines", couldn't start monitor for resource "autoscaling.openshift.io/v1beta1, Resource=machineautoscalers": unable to monitor quota for resource "autoscaling.openshift.io/v1beta1, Resource=machineautoscalers", couldn't start monitor for resource "monitoring.coreos.com/v1, Resource=alertmanagers": unable to monitor quota for resource "monitoring.coreos.com/v1, Resource=alertmanagers"]
E0923 10:58:51.091479       1 reflector.go:127] k8s.io/client-go.0-rc.2/tools/cache/reflector.go:156: Failed to watch *v1.ImageStream: failed to list *v1.ImageStream: the server could not find the requested resource (get imagestreams.image.openshift.io)
E0923 10:58:51.127427       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 10:58:52.244447       1 reflector.go:127] k8s.io/client-go.0-rc.2/tools/cache/reflector.go:156: Failed to watch *v1.ImageStream: failed to list *v1.ImageStream: the server could not find the requested resource (get imagestreams.image.openshift.io)
E0923 10:58:54.142648       1 reflector.go:127] k8s.io/client-go.0-rc.2/tools/cache/reflector.go:156: Failed to watch *v1.ImageStream: failed to list *v1.ImageStream: the server could not find the requested resource (get imagestreams.image.openshift.io)
E0923 10:58:58.782263       1 reflector.go:127] k8s.io/client-go.0-rc.2/tools/cache/reflector.go:156: Failed to watch *v1.ImageStream: failed to list *v1.ImageStream: the server could not find the requested resource (get imagestreams.image.openshift.io)
E0923 10:59:01.143630       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 10:59:08.599019       1 reflector.go:127] k8s.io/client-go.0-rc.2/tools/cache/reflector.go:156: Failed to watch *v1.ImageStream: failed to list *v1.ImageStream: the server could not find the requested resource (get imagestreams.image.openshift.io)
E0923 10:59:11.143640       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 10:59:21.143714       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 10:59:30.200689       1 reflector.go:127] k8s.io/client-go.0-rc.2/tools/cache/reflector.go:156: Failed to watch *v1.ImageStream: failed to list *v1.ImageStream: the server could not find the requested resource (get imagestreams.image.openshift.io)
E0923 10:59:31.143713       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 10:59:41.142843       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 10:59:51.145148       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 11:00:01.143121       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 11:00:06.256922       1 reflector.go:127] k8s.io/client-go.0-rc.2/tools/cache/reflector.go:156: Failed to watch *v1.ImageStream: failed to list *v1.ImageStream: the server could not find the requested resource (get imagestreams.image.openshift.io)
E0923 11:00:11.139495       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 11:00:21.140082       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 11:00:31.142606       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 11:00:41.142816       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 11:00:51.150664       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 11:01:01.142623       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 11:01:05.627751       1 reflector.go:127] k8s.io/client-go.0-rc.2/tools/cache/reflector.go:156: Failed to watch *v1.ImageStream: failed to list *v1.ImageStream: the server could not find the requested resource (get imagestreams.image.openshift.io)
E0923 11:01:11.143396       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 11:01:21.142007       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 11:01:31.143061       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 11:01:35.948090       1 reflector.go:127] k8s.io/client-go.0-rc.2/tools/cache/reflector.go:156: Failed to watch *v1.ImageStream: failed to list *v1.ImageStream: the server could not find the requested resource (get imagestreams.image.openshift.io)
E0923 11:01:41.143566       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 11:01:51.135907       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 11:02:01.130057       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 11:02:11.172627       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 11:02:21.129892       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 11:02:21.754965       1 reflector.go:127] k8s.io/client-go.0-rc.2/tools/cache/reflector.go:156: Failed to watch *v1.ImageStream: failed to list *v1.ImageStream: the server could not find the requested resource (get imagestreams.image.openshift.io)
E0923 11:02:31.129750       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 11:02:41.131712       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 11:02:51.132510       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 11:03:01.129556       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 11:03:08.252595       1 reflector.go:127] k8s.io/client-go.0-rc.2/tools/cache/reflector.go:156: Failed to watch *v1.ImageStream: failed to list *v1.ImageStream: the server could not find the requested resource (get imagestreams.image.openshift.io)
E0923 11:03:11.284385       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 11:03:21.129059       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 11:03:31.129314       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 11:03:41.129340       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 11:03:45.966134       1 reflector.go:127] k8s.io/client-go.0-rc.2/tools/cache/reflector.go:156: Failed to watch *v1.ImageStream: failed to list *v1.ImageStream: the server could not find the requested resource (get imagestreams.image.openshift.io)
E0923 11:03:51.154600       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 11:03:51.162346       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 11:04:14.713086       1 reconciliation_controller.go:117] initial discovery check failure, continuing and counting on future sync update: unable to retrieve the complete list of server APIs: packages.operators.coreos.com/v1: the server is currently unable to handle the request
E0923 11:04:14.714426       1 reconciliation_controller.go:123] initial monitor sync has error: [couldn't start monitor for resource "metal3.io/v1alpha1, Resource=baremetalhosts": unable to monitor quota for resource "metal3.io/v1alpha1, Resource=baremetalhosts", couldn't start monitor for resource "whereabouts.cni.cncf.io/v1alpha1, Resource=ippools": unable to monitor quota for resource "whereabouts.cni.cncf.io/v1alpha1, Resource=ippools", couldn't start monitor for resource "autoscaling.openshift.io/v1beta1, Resource=machineautoscalers": unable to monitor quota for resource "autoscaling.openshift.io/v1beta1, Resource=machineautoscalers", couldn't start monitor for resource "tuned.openshift.io/v1, Resource=profiles": unable to monitor quota for resource "tuned.openshift.io/v1, Resource=profiles", couldn't start monitor for resource "whereabouts.cni.cncf.io/v1alpha1, Resource=overlappingrangeipreservations": unable to monitor quota for resource "whereabouts.cni.cncf.io/v1alpha1, Resource=overlappingrangeipreservations", couldn't start monitor for resource "operator.openshift.io/v1, Resource=ingresscontrollers": unable to monitor quota for resource "operator.openshift.io/v1, Resource=ingresscontrollers", couldn't start monitor for resource "operators.coreos.com/v1alpha1, Resource=catalogsources": unable to monitor quota for resource "operators.coreos.com/v1alpha1, Resource=catalogsources", couldn't start monitor for resource "machine.openshift.io/v1beta1, Resource=machines": unable to monitor quota for resource "machine.openshift.io/v1beta1, Resource=machines", couldn't start monitor for resource "monitoring.coreos.com/v1, Resource=probes": unable to monitor quota for resource "monitoring.coreos.com/v1, Resource=probes", couldn't start monitor for resource "operators.coreos.com/v1, Resource=operatorgroups": unable to monitor quota for resource "operators.coreos.com/v1, Resource=operatorgroups", couldn't start monitor for resource "operators.coreos.com/v1alpha1, Resource=clusterserviceversions": unable to monitor quota for resource "operators.coreos.com/v1alpha1, Resource=clusterserviceversions", couldn't start monitor for resource "monitoring.coreos.com/v1, Resource=thanosrulers": unable to monitor quota for resource "monitoring.coreos.com/v1, Resource=thanosrulers", couldn't start monitor for resource "cloudcredential.openshift.io/v1, Resource=credentialsrequests": unable to monitor quota for resource "cloudcredential.openshift.io/v1, Resource=credentialsrequests", couldn't start monitor for resource "monitoring.coreos.com/v1, Resource=prometheuses": unable to monitor quota for resource "monitoring.coreos.com/v1, Resource=prometheuses", couldn't start monitor for resource "operators.coreos.com/v1alpha1, Resource=installplans": unable to monitor quota for resource "operators.coreos.com/v1alpha1, Resource=installplans", couldn't start monitor for resource "machine.openshift.io/v1beta1, Resource=machinesets": unable to monitor quota for resource "machine.openshift.io/v1beta1, Resource=machinesets", couldn't start monitor for resource "network.operator.openshift.io/v1, Resource=operatorpkis": unable to monitor quota for resource "network.operator.openshift.io/v1, Resource=operatorpkis", couldn't start monitor for resource "monitoring.coreos.com/v1, Resource=alertmanagers": unable to monitor quota for resource "monitoring.coreos.com/v1, Resource=alertmanagers", couldn't start monitor for resource "monitoring.coreos.com/v1, Resource=prometheusrules": unable to monitor quota for resource "monitoring.coreos.com/v1, Resource=prometheusrules", couldn't start monitor for resource "operators.coreos.com/v1alpha1, Resource=subscriptions": unable to monitor quota for resource "operators.coreos.com/v1alpha1, Resource=subscriptions", couldn't start monitor for resource "tuned.openshift.io/v1, Resource=tuneds": unable to monitor quota for resource "tuned.openshift.io/v1, Resource=tuneds", couldn't start monitor for resource "ingress.operator.openshift.io/v1, Resource=dnsrecords": unable to monitor quota for resource "ingress.operator.openshift.io/v1, Resource=dnsrecords", couldn't start monitor for resource "monitoring.coreos.com/v1, Resource=podmonitors": unable to monitor quota for resource "monitoring.coreos.com/v1, Resource=podmonitors", couldn't start monitor for resource "network.openshift.io/v1, Resource=egressnetworkpolicies": unable to monitor quota for resource "network.openshift.io/v1, Resource=egressnetworkpolicies", couldn't start monitor for resource "machine.openshift.io/v1beta1, Resource=machinehealthchecks": unable to monitor quota for resource "machine.openshift.io/v1beta1, Resource=machinehealthchecks", couldn't start monitor for resource "k8s.cni.cncf.io/v1, Resource=network-attachment-definitions": unable to monitor quota for resource "k8s.cni.cncf.io/v1, Resource=network-attachment-definitions", couldn't start monitor for resource "monitoring.coreos.com/v1, Resource=servicemonitors": unable to monitor quota for resource "monitoring.coreos.com/v1, Resource=servicemonitors", couldn't start monitor for resource "snapshot.storage.k8s.io/v1beta1, Resource=volumesnapshots": unable to monitor quota for resource "snapshot.storage.k8s.io/v1beta1, Resource=volumesnapshots", couldn't start monitor for resource "controlplane.operator.openshift.io/v1alpha1, Resource=podnetworkconnectivitychecks": unable to monitor quota for resource "controlplane.operator.openshift.io/v1alpha1, Resource=podnetworkconnectivitychecks"]
E0923 11:04:14.758640       1 reflector.go:127] k8s.io/client-go.0-rc.2/tools/cache/reflector.go:156: Failed to watch *v1.ImageStream: failed to list *v1.ImageStream: the server could not find the requested resource (get imagestreams.image.openshift.io)
E0923 11:04:14.918018       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 11:04:16.016649       1 reflector.go:127] k8s.io/client-go.0-rc.2/tools/cache/reflector.go:156: Failed to watch *v1.ImageStream: failed to list *v1.ImageStream: the server could not find the requested resource (get imagestreams.image.openshift.io)
E0923 11:04:18.200277       1 reflector.go:127] k8s.io/client-go.0-rc.2/tools/cache/reflector.go:156: Failed to watch *v1.ImageStream: failed to list *v1.ImageStream: the server could not find the requested resource (get imagestreams.image.openshift.io)
E0923 11:04:22.072482       1 reflector.go:127] k8s.io/client-go.0-rc.2/tools/cache/reflector.go:156: Failed to watch *v1.ImageStream: failed to list *v1.ImageStream: the server could not find the requested resource (get imagestreams.image.openshift.io)
E0923 11:04:24.920078       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 11:04:31.132968       1 reflector.go:127] k8s.io/client-go.0-rc.2/tools/cache/reflector.go:156: Failed to watch *v1.ImageStream: failed to list *v1.ImageStream: the server could not find the requested resource (get imagestreams.image.openshift.io)
E0923 11:04:34.920350       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 11:04:44.942640       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 11:04:54.398385       1 reflector.go:127] k8s.io/client-go.0-rc.2/tools/cache/reflector.go:156: Failed to watch *v1.ImageStream: failed to list *v1.ImageStream: the server could not find the requested resource (get imagestreams.image.openshift.io)
E0923 11:04:54.920130       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 11:05:04.931593       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 11:05:14.919904       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 11:05:24.921281       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 11:05:30.603284       1 reflector.go:127] k8s.io/client-go.0-rc.2/tools/cache/reflector.go:156: Failed to watch *v1.ImageStream: failed to list *v1.ImageStream: the server could not find the requested resource (get imagestreams.image.openshift.io)
E0923 11:05:34.919877       1 namespace_scc_allocation_controller.go:258] the server could not find the requested resource (post rangeallocations.security.openshift.io)
E0923 11:06:14.947616       1 namespace_scc_allocation_controller.go:258] the server is currently unable to handle the request (get rangeallocations.security.openshift.io scc-uid)

[core@ip-10-0-23-53 ~]$ cat  /var/log/bootstrap-control-plane/cluster-policy-controller.log | grep "F0"
F0923 10:58:48.337850       1 namespace_scc_allocation_controller.go:116] timed out waiting for the condition
F0923 11:03:51.162459       1 namespace_scc_allocation_controller.go:116] timed out waiting for the condition
goroutine 163 [running]:
k8s.io/klog/v2.stacks(0xc0005a5501, 0xc0005a6ff0, 0x6e, 0xe9)
        k8s.io/klog/v2.0/klog.go:996 +0xb8
k8s.io/klog/v2.(*loggingT).output(0x360a420, 0xc000000003, 0x0, 0x0, 0xc00086ad90, 0x353bd15, 0x26, 0x74, 0x2464900)
        k8s.io/klog/v2.0/klog.go:945 +0x19d
k8s.io/klog/v2.(*loggingT).printDepth(0x360a420, 0xc000000003, 0x0, 0x0, 0x1, 0xc000a41f38, 0x1, 0x1)
        k8s.io/klog/v2.0/klog.go:718 +0x15e
k8s.io/klog/v2.(*loggingT).print(...)
        k8s.io/klog/v2.0/klog.go:703
k8s.io/klog/v2.Fatal(...)
        k8s.io/klog/v2.0/klog.go:1443
github.com/openshift/cluster-policy-controller/pkg/security/controller.(*NamespaceSCCAllocationController).Run(0xc000c60000, 0xc0000b9bc0)
        github.com/openshift/cluster-policy-controller/pkg/security/controller/namespace_scc_allocation_controller.go:116 +0x21b
created by github.com/openshift/cluster-policy-controller/pkg/cmd/controller.RunNamespaceSecurityAllocationController
        github.com/openshift/cluster-policy-controller/pkg/cmd/controller/security.go:46 +0x5b4

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Install latest 4.6 cluster
2. check cluster-policy-controller.logs on the bootstrap node
3.

Actual results:
you could see that cluster-policy-controller comes up fine, but above errors in the description will be seen.

Expected results:
CPC should start fine and should not see any errors

Additional info:
Comment 1 David Eads 2020-09-30 14:49:08 UTC 
*** Bug 1882101 has been marked as a duplicate of this bug. ***
Comment 3 RamaKasturi 2020-10-06 06:43:20 UTC 
Tried verifying the bug with the latest payload and i see that  new resource which is "rangeallocations.security.internal.openshift.io" is getting updated instead of old one "rangeallocations.security.openshift.io" but still below errors in the cluster-policy-controller log file. Is that expected ?

E1006 05:18:55.581007       1 namespace_scc_allocation_controller.go:259] rangeallocations.security.internal.openshift.io "scc-uid" is forbidden: User "system:serviceaccount:openshift-infra:namespace-security-allocation-controller" cannot get resource "rangeallocations" in API group "security.internal.openshift.io" at the cluster scope
E1006 05:18:55.603974       1 reflector.go:127] k8s.io/client-go.0/tools/cache/reflector.go:156: Failed to watch *v1.ImageStream: failed to list *v1.ImageStream: the server could not find the requested resource (get imagestreams.image.openshift.io)
W1006 05:18:55.604537       1 warnings.go:67] extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
E1006 05:18:56.629012       1 reflector.go:127] k8s.io/client-go.0/tools/cache/reflector.go:156: Failed to watch *v1.ImageStream: failed to list *v1.ImageStream: the server could not find the requested resource (get imagestreams.image.openshift.io)
E1006 05:18:59.284960       1 reflector.go:127] k8s.io/client-go.0/tools/cache/reflector.go:156: Failed to watch *v1.ImageStream: failed to list *v1.ImageStream: the server could not find the requested resource (get imagestreams.image.openshift.io)
E1006 05:19:04.471800       1 reflector.go:127] k8s.io/client-go.0/tools/cache/reflector.go:156: Failed to watch *v1.ImageStream: failed to list *v1.ImageStream: the server could not find the requested resource (get imagestreams.image.openshift.io)
E1006 05:19:05.586309       1 namespace_scc_allocation_controller.go:259] rangeallocations.security.internal.openshift.io "scc-uid" is forbidden: User "system:serviceaccount:openshift-infra:namespace-security-allocation-controller" cannot get resource "rangeallocations" in API group "security.internal.openshift.io" at the cluster scope
E1006 05:19:15.608814       1 namespace_scc_allocation_controller.go:259] rangeallocations.security.internal.openshift.io "scc-uid" is forbidden: User "system:serviceaccount:openshift-infra:namespace-security-allocation-controller" cannot get resource "rangeallocations" in API group "security.internal.openshift.io" at the cluster scope
E1006 05:19:15.811716       1 reflector.go:127] k8s.io/client-go.0/tools/cache/reflector.go:156: Failed to watch *v1.ImageStream: failed to list *v1.ImageStream: the server could not find the requested resource (get imagestreams.image.openshift.io)
E1006 05:19:25.604746       1 namespace_scc_allocation_controller.go:259] rangeallocations.security.internal.openshift.io "scc-uid" is forbidden: User "system:serviceaccount:openshift-infra:namespace-security-allocation-controller" cannot get resource "rangeallocations" in API group "security.internal.openshift.io" at the cluster scope
E1006 05:19:35.588644       1 namespace_scc_allocation_controller.go:259] rangeallocations.security.internal.openshift.io "scc-uid" is forbidden: User "system:serviceaccount:openshift-infra:namespace-security-allocation-controller" cannot get resource "rangeallocations" in API group "security.internal.openshift.io" at the cluster scope
E1006 05:19:35.839566       1 reflector.go:127] k8s.io/client-go.0/tools/cache/reflector.go:156: Failed to watch *v1.ImageStream: failed to list *v1.ImageStream: the server could not find the requested resource (get imagestreams.image.openshift.io)
E1006 05:19:45.623711       1 namespace_scc_allocation_controller.go:259] rangeallocations.security.internal.openshift.io "scc-uid" is forbidden: User "system:serviceaccount:openshift-infra:namespace-security-allocation-controller" cannot get resource "rangeallocations" in API group "security.internal.openshift.io" at the cluster scope
E1006 05:19:55.604708       1 namespace_scc_allocation_controller.go:259] rangeallocations.security.internal.openshift.io "scc-uid" is forbidden: User "system:serviceaccount:openshift-infra:namespace-security-allocation-controller" cannot get resource "rangeallocations" in API group "security.internal.openshift.io" at the cluster scope
E1006 05:20:05.585542       1 namespace_scc_allocation_controller.go:259] rangeallocations.security.internal.openshift.io "scc-uid" is forbidden: User "system:serviceaccount:openshift-infra:namespace-security-allocation-controller" cannot get resource "rangeallocations" in API group "security.internal.openshift.io" at the cluster scope
E1006 05:20:08.914551       1 reflector.go:127] k8s.io/client-go.0/tools/cache/reflector.go:156: Failed to watch *v1.ImageStream: failed to list *v1.ImageStream: the server could not find the requested resource (get imagestreams.image.openshift.io)
E1006 05:20:15.585260       1 namespace_scc_allocation_controller.go:259] rangeallocations.security.internal.openshift.io "scc-uid" is forbidden: User "system:serviceaccount:openshift-infra:namespace-security-allocation-controller" cannot get resource "rangeallocations" in API group "security.internal.openshift.io" at the cluster scope
E1006 05:20:25.585476       1 namespace_scc_allocation_controller.go:259] rangeallocations.security.internal.openshift.io "scc-uid" is forbidden: User "system:serviceaccount:openshift-infra:namespace-security-allocation-controller" cannot get resource "rangeallocations" in API group "security.internal.openshift.io" at the cluster scope
E1006 05:20:35.584909       1 namespace_scc_allocation_controller.go:259] rangeallocations.security.internal.openshift.io "scc-uid" is forbidden: User "system:serviceaccount:openshift-infra:namespace-security-allocation-controller" cannot get resource "rangeallocations" in API group "security.internal.openshift.io" at the cluster scope
E1006 05:20:45.271719       1 reflector.go:127] k8s.io/client-go.0/tools/cache/reflector.go:156: Failed to watch *v1.ImageStream: failed to list *v1.ImageStream: the server could not find the requested resource (get imagestreams.image.openshift.io)
E1006 05:20:45.585275       1 namespace_scc_allocation_controller.go:259] rangeallocations.security.internal.openshift.io "scc-uid" is forbidden: User "system:serviceaccount:openshift-infra:namespace-security-allocation-controller" cannot get resource "rangeallocations" in API group "security.internal.openshift.io" at the cluster scope
E1006 05:20:55.584885       1 namespace_scc_allocation_controller.go:259] rangeallocations.security.internal.openshift.io "scc-uid" is forbidden: User "system:serviceaccount:openshift-infra:namespace-security-allocation-controller" cannot get resource "rangeallocations" in API group "security.internal.openshift.io" at the cluster scope
E1006 05:21:05.583511       1 namespace_scc_allocation_controller.go:259] rangeallocations.security.internal.openshift.io "scc-uid" is forbidden: User "system:serviceaccount:openshift-infra:namespace-security-allocation-controller" cannot get resource "rangeallocations" in API group "security.internal.openshift.io" at the cluster scope

Also i do see that oc api-resources lists the new one.

[knarra@knarra Openshift]$ oc api-resources | grep security.internal
rangeallocations                                       security.internal.openshift.io        false        RangeAllocation

payload where the bug was verified :
=====================================
[knarra@knarra Openshift]$ oc version
Client Version: 4.6.0-202009302026.p0-eadaf89
Server Version: 4.6.0-0.nightly-2020-10-03-051134
Kubernetes Version: v1.19.0+db1fc96
Comment 6 RamaKasturi 2020-10-12 06:34:03 UTC 
Tried verifying bug with the payload below and i do not see any errors in the cluster-policy-controller.log related to rangeallocations.security.internal.openshift.io. However i am still seeing the error as below, will move the bug to verified state once check with dev.

[knarra@knarra Openshift]$ oc get clusterversion
NAME      VERSION      AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.6.0-rc.2   True        False         44m     Cluster version is 4.6.0-rc.2
[knarra@knarra Openshift]$ oc version
Client Version: 4.6.0-202010081244.p0-074039a
Server Version: 4.6.0-rc.2
Kubernetes Version: v1.19.0+d59ce34

[knarra@knarra Openshift]$ oc api-resources | grep security.internal
rangeallocations                                       security.internal.openshift.io        false        RangeAllocation

E1012 05:16:40.472868       1 reflector.go:127] k8s.io/client-go.0/tools/cache/reflector.go:156: Failed to watch *v1.ImageStream: failed to list *v1.ImageStream: the server could not find the requested resource (get imagestreams.image.openshift.io)
Comment 7 RamaKasturi 2020-10-12 10:40:03 UTC 
Above error pasted in comment 6 is  seen during bootstrap in the cluster-policy-controller.log file and it might be because kube-apiserver is temporarily unavailable.

Based on comment 6 moving the bug to verified state as once the cluster is up and running i do not see the above logs present in cluster-poliy-controller log file any more.
Comment 9 errata-xmlrpc 2020-10-27 16:45:59 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196
Comment 10 Red Hat Bugzilla 2023-09-14 06:08:54 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days