Bug 1718458 - [3.11] Extend cluster-autoscaler RBAC rules to allow to access pods/eviction resource
Summary: [3.11] Extend cluster-autoscaler RBAC rules to allow to access pods/eviction ...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 3.11.0
Hardware: Unspecified
OS: Unspecified
low
medium
Target Milestone: ---
: 3.11.z
Assignee: Russell Teague
QA Contact: Johnny Liu
URL:
Whiteboard:
Depends On: 1705233
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-06-07 19:45 UTC by Jan Chaloupka
Modified: 2019-06-26 09:08 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: The cluster autoscaler does not have the clusterrole permission to evict pods. Consequence: Nodes cannot be automatically scaled because pods are not evicted. Fix: Added 'eviction' permission to autoscaler clusterrole. Result: Pods can be evicted and nodes scaled down.
Clone Of: 1705233
Environment:
Last Closed: 2019-06-26 09:08:11 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2019:1605 None None None 2019-06-26 09:08:20 UTC

Comment 1 Jan Chaloupka 2019-06-07 19:48:31 UTC
```yaml
- apiGroups: [""]
  resources: ["pods/eviction"]
  verbs: ["create"]
```

needs to be added under https://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_cluster_autoscaler/files/clusterrole.yml

Comment 2 Jan Chaloupka 2019-06-07 19:55:21 UTC
Upstream PR: https://github.com/openshift/openshift-ansible/pull/11673

Comment 4 Jianwei Hou 2019-06-12 06:13:18 UTC
Verified this has been added to the ansible role.

Comment 6 errata-xmlrpc 2019-06-26 09:08:11 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:1605


Note You need to log in before you can comment on or make changes to this bug.