Bug 1835066 - Normal user can't create job from exist cronjob
Summary: Normal user can't create job from exist cronjob
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: kube-controller-manager
Version: 4.5
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 4.6.0
Assignee: Maciej Szulik
QA Contact: RamaKasturi
URL:
Whiteboard:
: 1877673 (view as bug list)
Depends On:
Blocks: 1884580
TreeView+ depends on / blocked
 
Reported: 2020-05-13 03:08 UTC by zhou ying
Modified: 2020-10-27 15:59 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
: 1884569 1884580 (view as bug list)
Environment:
Last Closed: 2020-10-27 15:58:59 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2020:4196 0 None None None 2020-10-27 15:59:20 UTC

Description zhou ying 2020-05-13 03:08:33 UTC
Description of problem:
Normal user can't create job with '--from'

Version-Release number of selected component (if applicable):
[root@dhcp-140-138 tmp]# oc version 
Client Version: 4.5.0-202005072157-f415627
Server Version: 4.5.0-0.nightly-2020-05-12-191228
Kubernetes Version: v1.18.2


How reproducible:
always

Steps to Reproduce:
1. Login OpenShift and create project:
2. Create cronjob:
   `oc create cronjob my-job --image=openshift/hello-openshift --schedule=\*\ 5\ \*\ \*\ \?`
3. Create job with '--from'
   `oc create job hello-job --from=cronjob/my-job`

Actual results:
3. Failed with error: 
[root@localhost ~]# oc create job hello-job --from=cronjob/my-job 
error: failed to create job: jobs.batch "hello-job" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: , <nil>

Expected results:
3. Should succeed:

Additional info:
[root@localhost ~]# oc create job hello-job1 --from=cronjob/my-job   --loglevel=9
I0513 10:55:18.917799   49584 loader.go:375] Config loaded from file:  /root/.kube/config
.....

I0513 10:55:21.676738   49584 round_trippers.go:443] POST https://api.yinzhou13.qe.devcluster.openshift.com:6443/apis/batch/v1/namespaces/zhouyt/jobs 403 Forbidden in 394 milliseconds
I0513 10:55:21.676824   49584 round_trippers.go:449] Response Headers:
I0513 10:55:21.676847   49584 round_trippers.go:452]     Audit-Id: 18bceecc-48a0-46b2-a54b-49035bc7e32a
I0513 10:55:21.676871   49584 round_trippers.go:452]     Content-Type: application/json
I0513 10:55:21.676907   49584 round_trippers.go:452]     X-Kubernetes-Pf-Flowschema-Uid: ed68c64e-b5fe-4a6e-9df7-adac27c599e0
I0513 10:55:21.676934   49584 round_trippers.go:452]     X-Kubernetes-Pf-Prioritylevel-Uid: 41304d83-ce4e-4f6d-b14f-212062b1e813
I0513 10:55:21.676959   49584 round_trippers.go:452]     Content-Length: 334
I0513 10:55:21.676986   49584 round_trippers.go:452]     Date: Wed, 13 May 2020 02:55:21 GMT
I0513 10:55:21.677057   49584 request.go:1068] Response Body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"jobs.batch \"hello-job1\" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: , \u003cnil\u003e","reason":"Forbidden","details":{"name":"hello-job1","group":"batch","kind":"jobs"},"code":403}
F0513 10:55:21.678106   49584 helpers.go:115] error: failed to create job: jobs.batch "hello-job1" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: , <nil>

Comment 1 Maciej Szulik 2020-05-13 11:08:52 UTC
Will be fixed during next k8s bump https://github.com/kubernetes/kubernetes/pull/91053

Comment 4 Maciej Szulik 2020-06-18 10:10:51 UTC
Waiting for k8s bump.

Comment 5 Maciej Szulik 2020-07-09 11:05:46 UTC
Waiting for next k8s bump.

Comment 6 Maciej Szulik 2020-08-11 11:25:49 UTC
Bump was in https://github.com/openshift/oc/pull/491

Comment 16 Maciej Szulik 2020-09-10 13:43:39 UTC
*** Bug 1877673 has been marked as a duplicate of this bug. ***

Comment 22 errata-xmlrpc 2020-10-27 15:58:59 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196


Note You need to log in before you can comment on or make changes to this bug.