Bug 1790481 - kube-scheduler can't list ConfigMaps in kube-system namespace
Summary: kube-scheduler can't list ConfigMaps in kube-system namespace
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: kube-scheduler
Version: 4.3.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.3.z
Assignee: Tomáš Nožička
QA Contact: RamaKasturi
: 1802470 (view as bug list)
Depends On: 1778072
TreeView+ depends on / blocked
Reported: 2020-01-13 13:16 UTC by Tomáš Nožička
Modified: 2020-02-13 14:08 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2020-02-12 09:42:20 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Github openshift origin pull 24392 0 None closed [release-4.3] Bug 1790481: Fix delegated auth CM perms 2021-02-04 17:59:32 UTC
Red Hat Product Errata RHBA-2020:0391 0 None None None 2020-02-12 09:42:53 UTC

Description Tomáš Nožička 2020-01-13 13:16:55 UTC
Clayton found that



E0111 08:21:19.761804       1 reflector.go:123] k8s.io/apiserver/pkg/server/dynamiccertificates/configmap_cafile_content.go:209: Failed to list *v1.ConfigMap: configmaps "extension-apiserver-authentication" is forbidden: User "system:kube-scheduler" cannot list resource "configmaps" in API group "" in the namespace "kube-system"

This seems to be coming from https://github.com/openshift/kubernetes/commit/fe37aa8d169e6e90025084bed311e3b8b1632b7d

It doesn't manifest on master (4.4.0-0.ci-2020-01-12-114023) and there are no changes to kube-scheduler-operator Role/RoleBinding manifest in between.

Comment 1 Tomáš Nožička 2020-01-13 18:00:57 UTC
needs https://github.com/kubernetes/kubernetes/pull/85375 backported, will do it tomorrow

Comment 11 errata-xmlrpc 2020-02-12 09:42:20 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Comment 12 Maciej Szulik 2020-02-13 14:08:33 UTC
*** Bug 1802470 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.