Description of problem:
Two new RBAC changes were made in VPA upstream that don't exist in our OLM manifests, so the new version of the VPA controllers won't run. Here are the upstream changes.
The updater fails with repeating messages like this:
E0606 21:46:48.385779 1 updater.go:114] Error getting Admission Controller status: leases.coordination.k8s.io "vpa-admission-controller" is forbidden: User "system:serviceaccount:openshift-vertical-pod-autoscaler:vpa-updater" cannot get resource "leases" in API group "coordination.k8s.io" in the namespace "kube-system". Skipping eviction loop
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Follow existing test cases at https://polarion.engineering.redhat.com/polarion/#/project/OSE/workitems?query=NOT%20HAS_VALUE%3Aresolution%20AND%20trello%3AOCPNODE%5C-173
1. Install VPA via OperatorHub using ART-built images
2. Deploy an application and configure the VPA to monitor and update it
3. Observe that the VPA does not update the applications
4. Check updater logs: oc logs -n openshift-vertical-pod-autoscaler deployment.apps/vpa-updater-default
Pod updates never happen, error messages in the updater log.
Pop updates happen, no error messages.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.