Bug 1972693

Summary: Noticing `is forbidden: User "system:serviceaccount:*"` in CI logs
Product: OpenShift Container Platform Reporter: ravig <rgudimet>
Component: apiserver-authAssignee: Sebastian Łaskawiec <slaskawi>
Status: CLOSED DUPLICATE QA Contact: liyao
Severity: high Docs Contact:
Priority: high    
Version: 4.8CC: aos-bugs, mfojtik, slaskawi, surbania
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: tag-ci
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-06-22 06:21:49 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description ravig 2021-06-16 12:23:53 UTC 
Description of problem:

We have increased test failures in CI with errors like:

 Multus: [openshift-network-diagnostics/network-check-target-kqxph]: error getting pod: pods "network-check-target-kqxph" is forbidden: User "system:serviceaccount:openshift-multus:multus" cannot get resource "pods" in API group "" in the namespace "openshift-network-diagnostics"

Search CI failures:

https://search.ci.openshift.org/?search=is+forbidden%3A+User+%22system%3Aserviceaccount%3A&maxAge=48h&context=1&type=bug%2Bjunit&name=&excludeName=&maxMatches=5&maxBytes=20971520&groupBy=job


Initial analysis makes us think it could be issue with some components talking via localhost or LB thinking kube-apiserver is unavailable even when it is available.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Sebastian Łaskawiec 2021-06-22 06:20:52 UTC 
Closing as a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=1972167 and https://bugzilla.redhat.com/show_bug.cgi?id=1973423

CI logs are clean for the last 2 days.
Comment 2 Sebastian Łaskawiec 2021-06-22 06:21:49 UTC 

*** This bug has been marked as a duplicate of bug 1972167 ***