Bug 1844760 - Vertical Pod Autoscaler (VPA) updater cannot get resource "leases"
Summary: Vertical Pod Autoscaler (VPA) updater cannot get resource "leases"
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Node
Version: 4.5
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: 4.6.0
Assignee: Joel Smith
QA Contact: Weinan Liu
URL:
Whiteboard:
Depends On:
Blocks: 1844775
TreeView+ depends on / blocked
 
Reported: 2020-06-06 23:16 UTC by Joel Smith
Modified: 2020-10-27 16:05 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-10-27 16:05:31 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift vertical-pod-autoscaler-operator pull 27 0 None closed Bug 1844760: Additional instructions for testing the VPA until official images are available 2020-11-18 02:10:32 UTC
Red Hat Product Errata RHBA-2020:4196 0 None None None 2020-10-27 16:05:53 UTC

Description Joel Smith 2020-06-06 23:16:40 UTC
Description of problem:

Two new RBAC changes were made in VPA upstream that don't exist in our OLM manifests, so the new version of the VPA controllers won't run. Here are the upstream changes.

https://github.com/kubernetes/autoscaler/commit/91b955316e6731f81ce8fc0c11c86db6a6300e2f#diff-d0e893b6e6e2716c431b53ecf48088b5R267
https://github.com/kubernetes/autoscaler/commit/572331a244eb30fad83e8bed7882b4756ba9d21c#diff-d0e893b6e6e2716c431b53ecf48088b5R290

The updater fails with repeating messages like this:

E0606 21:46:48.385779       1 updater.go:114] Error getting Admission Controller status: leases.coordination.k8s.io "vpa-admission-controller" is forbidden: User "system:serviceaccount:openshift-vertical-pod-autoscaler:vpa-updater" cannot get resource "leases" in API group "coordination.k8s.io" in the namespace "kube-system". Skipping eviction loop

Version-Release number of selected component (if applicable):



How reproducible:
100%

Steps to Reproduce:
Follow existing test cases at https://polarion.engineering.redhat.com/polarion/#/project/OSE/workitems?query=NOT%20HAS_VALUE%3Aresolution%20AND%20trello%3AOCPNODE%5C-173

1. Install VPA via OperatorHub using ART-built images
2. Deploy an application and configure the VPA to monitor and update it
3. Observe that the VPA does not update the applications
4. Check updater logs: oc logs -n openshift-vertical-pod-autoscaler deployment.apps/vpa-updater-default


Actual results:
Pod updates never happen, error messages in the updater log.

Expected results:
Pop updates happen, no error messages.


Additional info:

Comment 5 errata-xmlrpc 2020-10-27 16:05:31 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196


Note You need to log in before you can comment on or make changes to this bug.