Clayton found that https://storage.googleapis.com/origin-ci-test/logs/release-openshift-ocp-installer-e2e-aws-fips-4.3/1283/artifacts/e2e-aws-fips/pods/openshift-kube-scheduler_openshift-kube-scheduler-ip-10-0-135-48.ec2.internal_scheduler.log shows E0111 08:21:19.761804 1 reflector.go:123] k8s.io/apiserver/pkg/server/dynamiccertificates/configmap_cafile_content.go:209: Failed to list *v1.ConfigMap: configmaps "extension-apiserver-authentication" is forbidden: User "system:kube-scheduler" cannot list resource "configmaps" in API group "" in the namespace "kube-system" This seems to be coming from https://github.com/openshift/kubernetes/commit/fe37aa8d169e6e90025084bed311e3b8b1632b7d It doesn't manifest on master (4.4.0-0.ci-2020-01-12-114023) and there are no changes to kube-scheduler-operator Role/RoleBinding manifest in between.
needs https://github.com/kubernetes/kubernetes/pull/85375 backported, will do it tomorrow
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:0391
*** Bug 1802470 has been marked as a duplicate of this bug. ***