Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1790481

Summary: kube-scheduler can't list ConfigMaps in kube-system namespace
Product: OpenShift Container Platform Reporter: Tomáš Nožička <tnozicka>
Component: kube-schedulerAssignee: Tomáš Nožička <tnozicka>
Status: CLOSED ERRATA QA Contact: RamaKasturi <knarra>
Severity: high Docs Contact:
Priority: high    
Version: 4.3.0CC: aos-bugs, knarra, maszulik, mfojtik, scuppett, xxia, yinzhou
Target Milestone: ---   
Target Release: 4.3.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-02-12 09:42:20 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1778072    
Bug Blocks:    

Description Tomáš Nožička 2020-01-13 13:16:55 UTC 
Clayton found that

https://storage.googleapis.com/origin-ci-test/logs/release-openshift-ocp-installer-e2e-aws-fips-4.3/1283/artifacts/e2e-aws-fips/pods/openshift-kube-scheduler_openshift-kube-scheduler-ip-10-0-135-48.ec2.internal_scheduler.log 

shows

E0111 08:21:19.761804       1 reflector.go:123] k8s.io/apiserver/pkg/server/dynamiccertificates/configmap_cafile_content.go:209: Failed to list *v1.ConfigMap: configmaps "extension-apiserver-authentication" is forbidden: User "system:kube-scheduler" cannot list resource "configmaps" in API group "" in the namespace "kube-system"

This seems to be coming from https://github.com/openshift/kubernetes/commit/fe37aa8d169e6e90025084bed311e3b8b1632b7d

It doesn't manifest on master (4.4.0-0.ci-2020-01-12-114023) and there are no changes to kube-scheduler-operator Role/RoleBinding manifest in between.
Comment 1 Tomáš Nožička 2020-01-13 18:00:57 UTC 
needs https://github.com/kubernetes/kubernetes/pull/85375 backported, will do it tomorrow
Comment 11 errata-xmlrpc 2020-02-12 09:42:20 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0391
Comment 12 Maciej Szulik 2020-02-13 14:08:33 UTC 
*** Bug 1802470 has been marked as a duplicate of this bug. ***