Bug 1995824

Summary: CDI permission error fills up logs
Product: Container Native Virtualization (CNV) Reporter: Adam Litke <alitke>
Component: StorageAssignee: Alex Kalenyuk <akalenyu>
Status: CLOSED ERRATA QA Contact: Yan Du <yadu>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 4.8.4CC: cnv-qe-bugs, gveitmic, mrashish, ramon.gordillo, yadu, ycui
Target Milestone: ---Keywords: Reopened
Target Release: 4.9.2   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: CNV v4.9.2-15 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-01-19 17:49:52 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Adam Litke 2021-08-19 20:08:34 UTC
Description of problem:

On a cluster otherwise behaving normally, the following error message can be seen repeatedly (~ every 30s) in the logs of the cdi-deployment Pod:

1 reflector.go:138] sigs.k8s.io/controller-runtime/pkg/cache/internal/informers_map.go:229: Failed to watch *v1.ConfigMap: failed to list *v1.ConfigMap: configmaps is forbidden: User "system:serviceaccount:openshift-cnv:cdi-sa" cannot list resource "configmaps" in API group "" at the cluster scope



Version-Release number of selected component (if applicable): 4.8.4


How reproducible: Always


Steps to Reproduce:
1. Install OpenShift Virtualization :)

Comment 6 Adam Litke 2021-09-14 16:26:38 UTC
Still unsure how reproducible this is and/or if it was a transient error in a specific OCP version.  Pushing to 4.9.1 to get some more time to gather information.

Comment 9 Adam Litke 2021-11-02 13:41:50 UTC
This permission error was related to an Openshift bug which was fixed.  We can no longer reproduce this error.

Comment 10 Ramon Gordillo 2021-12-21 11:45:32 UTC
E1221 11:41:32.762292       1 reflector.go:138] sigs.k8s.io/controller-runtime/pkg/cache/internal/informers_map.go:229: Failed to watch *v1.ConfigMap: failed to list *v1.ConfigMap: configmaps is forbidden: User "system:serviceaccount:openshift-cnv:cdi-sa" cannot list resource "configmaps" in API group "" at the cluster scope

Fresh 4.9.1 installation on OCP 4.9.11

Comment 12 Adam Litke 2022-01-12 18:30:54 UTC
Yes I'll reopen.

Comment 13 Yan Du 2022-01-18 07:03:57 UTC
Test this bug on several OCP-4.9.15, CNV-v4.9.2-27 clusters
Can not reproduce this error.

Comment 19 errata-xmlrpc 2022-01-19 17:49:52 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Virtualization 4.9.2 Images security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0191