1718458 – [3.11] Extend cluster-autoscaler RBAC rules to allow to access pods/eviction resource

Bug 1718458 - [3.11] Extend cluster-autoscaler RBAC rules to allow to access pods/eviction resource

Summary: [3.11] Extend cluster-autoscaler RBAC rules to allow to access pods/eviction ...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Installer
Sub Component:
Version:	3.11.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	low
Severity:	medium
Target Milestone:	---
Target Release:	3.11.z
Assignee:	Russell Teague
QA Contact:	Johnny Liu
Docs Contact:
URL:
Whiteboard:
Depends On:	1705233
Blocks:
TreeView+	depends on / blocked

Reported:	2019-06-07 19:45 UTC by Jan Chaloupka
Modified:	2019-06-26 09:08 UTC (History)
CC List:	9 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: The cluster autoscaler does not have the clusterrole permission to evict pods. Consequence: Nodes cannot be automatically scaled because pods are not evicted. Fix: Added 'eviction' permission to autoscaler clusterrole. Result: Pods can be evicted and nodes scaled down.
Clone Of:	1705233
Environment:
Last Closed:	2019-06-26 09:08:11 UTC
Target Upstream Version:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2019:1605	0	None	None	None	2019-06-26 09:08:20 UTC

Comment 1 Jan Chaloupka 2019-06-07 19:48:31 UTC

```yaml
- apiGroups: [""]
  resources: ["pods/eviction"]
  verbs: ["create"]
```

needs to be added under https://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_cluster_autoscaler/files/clusterrole.yml

Comment 2 Jan Chaloupka 2019-06-07 19:55:21 UTC

Upstream PR: https://github.com/openshift/openshift-ansible/pull/11673

Comment 4 Jianwei Hou 2019-06-12 06:13:18 UTC

Verified this has been added to the ansible role.

Comment 6 errata-xmlrpc 2019-06-26 09:08:11 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:1605

Note You need to log in before you can comment on or make changes to this bug.