Bug 1962698
| Summary: | Console-operator can not create resource console-public configmap in the openshift-config-managed namespace | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Jakub Hadvig <jhadvig> |
| Component: | Management Console | Assignee: | Jakub Hadvig <jhadvig> |
| Status: | CLOSED ERRATA | QA Contact: | Yadan Pei <yapei> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 4.8 | CC: | aos-bugs, jokerman, spadgett, yapei |
| Target Milestone: | --- | ||
| Target Release: | 4.8.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-07-27 23:09:30 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
1. Check console-operator logs and see if this error happens again
$ oc logs -n openshift-console-operator -f console-operator-654f6fcc85-7sc2t | tee -a console-operator.log
$ grep 'openshift-config-managed' console-operator.log
I0531 23:54:47.295441 1 event.go:282] Event(v1.ObjectReference{Kind:"Deployment", Namespace:"openshift-console-operator", Name:"console-operator", UID:"324e62f5-5428-4812-b9e3-7a2b3c93ce9e", APIVersion:"apps/v1", ResourceVersion:"", FieldPath:""}): type: 'Normal' reason: 'ConfigMapCreated' Created ConfigMap/console-public -n openshift-config-managed because it was missing
I0601 01:47:24.908460 1 request.go:600] Waited for 176.174386ms due to client-side throttling, not priority and fairness, request: GET:https://172.30.0.1:443/api/v1/namespaces/openshift-config-managed/configmaps/console-public
I0601 01:47:27.309039 1 request.go:600] Waited for 174.279812ms due to client-side throttling, not priority and fairness, request: GET:https://172.30.0.1:443/api/v1/namespaces/openshift-config-managed/configmaps/console-public
I0601 01:52:03.971378 1 request.go:600] Waited for 174.605139ms due to client-side throttling, not priority and fairness, request: GET:https://172.30.0.1:443/api/v1/namespaces/openshift-config-managed/configmaps/console-public
From console-operator log, we can see cm/console-public is successfully created
$ oc get cm console-public -n openshift-config-managed -o yaml
apiVersion: v1
data:
consoleURL: https://console-openshift-console.apps.qe-ui48-0601.qe.devcluster.openshift.com
kind: ConfigMap
metadata:
creationTimestamp: "2021-05-31T23:54:47Z"
name: console-public
namespace: openshift-config-managed
resourceVersion: "20670"
uid: 0196d60d-8f80-40e6-b1e0-7128af27b731
consoleURL is correctly set, verified on 4.8.0-0.nightly-2021-05-31-190546
$ oc get clusterversion
NAME VERSION AVAILABLE PROGRESSING SINCE STATUS
version 4.8.0-0.nightly-2021-05-31-190546 True False 112m Cluster version is 4.8.0-0.nightly-2021-05-31-190546
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:2438 |
Description of problem: Console-operator logs are showing error, that the operator cant create cannot create resource "configmaps" in API group in the namespace "openshift-config-managed". Thats due to the RBAC. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. Go to console-operator pod's log 2. 3. Actual results: Console-operator pod logs are showing following error: ``` E0520 10:37:01.457925 1 sync_v400.go:179] could not update public console config status: configmaps is forbidden: User "system:serviceaccount:openshift-console-operator:console-operator" cannot create resource "configmaps" in API group "" in the namespace "openshift-config-managed" I0520 10:37:01.458130 1 event.go:282] Event(v1.ObjectReference{Kind:"Deployment", Namespace:"openshift-console-operator", Name:"console-operator", UID:"697784b1-abf9-4583-801b-4b55d98e62f2", APIVersion:"apps/v1", ResourceVersion:"", FieldPath:""}): type: 'Warning' reason: 'ConfigMapCreateFailed' Failed to create ConfigMap/console-public -n openshift-config-managed: configmaps is forbidden: User "system:serviceaccount:openshift-console-operator:console-operator" cannot create resource "configmaps" in API group "" in the namespace "openshift-config-managed" E0520 10:37:01.474721 1 base_controller.go:253] ConsoleOperator reconciliation failed: configmaps is forbidden: User "system:serviceaccount:openshift-console-operator:console-operator" cannot create resource "configmaps" in API group "" in the namespace "openshift-config-managed" E0520 10:37:03.690633 1 status.go:78] SyncLoopRefreshProgressing InProgress Working toward version 4.8.0-0.nightly-2021-05-19-092807 ``` Expected results: No error of this type should be in the logs console-operator's logs. Additional info: