Bug 1888607
Summary: | [release 4.5] The poddisruptionbudgets is using the operator service account, instead of gather | |||
---|---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Marcell Sevcsik <msevcsik> | |
Component: | Insights Operator | Assignee: | Marcell Sevcsik <msevcsik> | |
Status: | CLOSED ERRATA | QA Contact: | Pavel Šimovec <psimovec> | |
Severity: | high | Docs Contact: | ||
Priority: | unspecified | |||
Version: | 4.5 | CC: | aos-bugs, inecas, psimovec, tremes | |
Target Milestone: | --- | |||
Target Release: | 4.5.z | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | Doc Type: | Bug Fix | ||
Doc Text: |
Cause: A client used for gathering the poddisruptionbudgets uses the operator service account instead of the gather account.
Consequence: The operator service account has way more privileges then the gather account so creating a client using the former gives that client unnecessary permissions. (It also makes the manifests a bit confusing)
Fix: Use the gahter service account to create the client.
Result: The client that gathers the poddisruptionbudgets has only the minimum amount of permissions to do its job.
|
Story Points: | --- | |
Clone Of: | 1888602 | |||
: | 1888608 (view as bug list) | Environment: | ||
Last Closed: | 2021-01-20 05:49:27 UTC | Type: | --- | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | 1888602 | |||
Bug Blocks: | 1888608 |
Description
Marcell Sevcsik
2020-10-15 10:02:27 UTC
CI passes, pdbs still get collected Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.5.27 bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:0033 |