> The solution is to create a special RBAC check in the ExternalIPAdmissionController that looks like the one in the RestrictedEndpointAdmissionController
The links there are to 4.1, but we'll want to do this in git master first, where the controller has moved to vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/network/externalipranger/externalip_admission.go
Verified it on v4.3.0-0.ci-2019-10-04-083724.
Will re-test it when the v4.3 nightly image ready on https://openshift-release.svc.ci.openshift.org/
from comment 4. this bug can be verified.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.