Description of problem: The RBAC for the ippools.whereabouts.cni.cncf.io for whereabouts IPAM CNI is incorrect. Version-Release number of selected component (if applicable): How reproducible: always Steps to Reproduce: Use whereabouts IPAM CNI Actual results: ``` Warning FailedCreatePodSandBox 6s kubelet, ip-10-0-136-158.us-west-2.compute.internal Failed to create pod sandbox: rpc error: code = Unknown desc = failed to create pod network sandbox k8s_samplepod_openshift-multus_37058433-2564-42f2-aa91-d1b11f4c8bb5_0(7f6354c73261945d7d3c29aad3dd48b94aec7248d92b4650ea8554cc14755153): Multus: [openshift-multus/samplepod]: error adding container to network "whereaboutsexample": delegateAdd: error invoking DelegateAdd - "macvlan": error in getting result from AddNetwork: Error assigning IP: ippools.whereabouts.cni.cncf.io is forbidden: User "system:serviceaccount:openshift-multus:multus" cannot list resource "ippools" in API group "whereabouts.cni.cncf.io" in the namespace "openshift-multus" ``` Expected results: No error. Additional info: This is the offending line @ https://github.com/openshift/cluster-network-operator/pull/526/files#diff-44eeae854395120fe566c1e3ddd5429bR88 This was found while diagnosing https://bugzilla.redhat.com/show_bug.cgi?id=1812245 which is also related to the change of CRD namespace for Whereabouts IPAM CNI.
You can work around this issue by updating the RBAC with: oc apply -f https://gist.githubusercontent.com/dougbtv/333af8ab8aab49547a7d3f8bb5d95b47/raw/170b2accbc2d1d37fd56d858c7b4e3b61645846e/rbac.yml
Hi Can this be closed? There's a work-around, there's also a depends-on which is on QE. -Alex
After all, we determined that this won't be used in 4.3.z by customer zero. So we're closing.