+++ This bug was initially created as a clone of Bug #1844760 +++ Description of problem: Two new RBAC changes were made in VPA upstream that don't exist in our OLM manifests, so the new version of the VPA controllers won't run. Here are the upstream changes. https://github.com/kubernetes/autoscaler/commit/91b955316e6731f81ce8fc0c11c86db6a6300e2f#diff-d0e893b6e6e2716c431b53ecf48088b5R267 https://github.com/kubernetes/autoscaler/commit/572331a244eb30fad83e8bed7882b4756ba9d21c#diff-d0e893b6e6e2716c431b53ecf48088b5R290 The updater fails with repeating messages like this: E0606 21:46:48.385779 1 updater.go:114] Error getting Admission Controller status: leases.coordination.k8s.io "vpa-admission-controller" is forbidden: User "system:serviceaccount:openshift-vertical-pod-autoscaler:vpa-updater" cannot get resource "leases" in API group "coordination.k8s.io" in the namespace "kube-system". Skipping eviction loop Version-Release number of selected component (if applicable): How reproducible: 100% Steps to Reproduce: Follow existing test cases at https://polarion.engineering.redhat.com/polarion/#/project/OSE/workitems?query=NOT%20HAS_VALUE%3Aresolution%20AND%20trello%3AOCPNODE%5C-173 1. Install VPA via OperatorHub using ART-built images 2. Deploy an application and configure the VPA to monitor and update it 3. Observe that the VPA does not update the applications 4. Check updater logs: oc logs -n openshift-vertical-pod-autoscaler deployment.apps/vpa-updater-default Actual results: Pod updates never happen, error messages in the updater log. Expected results: Pop updates happen, no error messages. Additional info:
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:2409