Bug 1911307
| Summary: | Pod Scale-up requires extra privileges in OpenShift web-console | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Rejeeb <rabdulra> |
| Component: | Management Console | Assignee: | Jakub Hadvig <jhadvig> |
| Status: | CLOSED ERRATA | QA Contact: | Yadan Pei <yapei> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 4.5 | CC: | aos-bugs, apurty, gparente, jhadvig, jokerman, ltitov, rhamilto, spadgett, yapei |
| Target Milestone: | --- | ||
| Target Release: | 4.7.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: |
Cause: Scale pods is not using the 'scale' subresource.
Consequence: Custom role without patch verb for deploymentconfigs/deployments can't scale the pods in the webconsole.
Fix: Scale pods using the 'scale' subresource.
Result: Scaling happens without adding any extra privileges through webconsole.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-02-24 15:49:10 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1926371 | ||
1. Create a custom role from attachment 1 [details]
2. Then assign the role to the user.
# oc adm policy add-cluster-role-to-user ops yapei
Warning: User 'yapei' not found
clusterrole.rbac.authorization.k8s.io/ops added: "yapei"
3. Now try to scale the pods through webconsole, on DC Details page, we can see scale up/down arrow in pod donut, `Edit Pod count` kebab is also available
4. try to scale the pods through CLI, it works well
Verified on 4.7.0-0.nightly-2021-01-13-124141
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:5633 *** Bug 1886888 has been marked as a duplicate of this bug. *** |
Description of problem: Without the `patch` verb for the `deployments`/`deploymentconfigs` resource, we cannot scale the deployments/deploymentconfigs through the web console. We need to provide an extra `patch` verb in order to scale up pods through the web-console. However, through CLI the pods' replica scale-up works without the `patch` verb. Version-Release number of selected component (if applicable): 4.5 How reproducible: 100% Steps to Reproduce: 1. Create a custom role without patch verb for deploymentconfigs/deployments (Attachment #1 [details]) 2. Then assign the role to the user. 3. Now try to scale the pods through webconsole and CLI. Actual results: Through CLI it is working as expected: [quicklab@upi-0 ~]$ oc scale dc httpd --replicas=2 deploymentconfig.apps.openshift.io/httpd scaled However, through webconsole, we need to provide the patch verb or else it won't show the arrows for calling the pods. Expected results: Scaling should happen without adding any extra privileges through webconsole as done via CLI. Additional info: Attaching a sample custom role YAML file and screenshots of the webconsole.