+++ This bug was initially created as a clone of Bug #1845440 +++ Description of problem: Jun 04 22:41:42.095 I ns/openshift-kube-apiserver-operator deployment/kube-apiserver-operator reason/ObservedConfigChanged Writing updated observed config: map[string]interface{}{\n "admission": map[string]interface{}{"pluginConfig": map[string]interface{}{"network.openshift.io/ExternalIPRanger": map[string]interface{}{"configuration": map[string]interface{}{"allowIngressIP": bool(false), "apiVersion": string("network.openshift.io/v1"), "kind": string("ExternalIPRangerAdmissionConfig")}}, "network.openshift.io/RestrictedEndpointsAdmission": map[string]interface{}{"configuration": map[string]interface{}{"apiVersion": string("network.openshift.io/v1"), "kind": string("RestrictedEndpointsAdmissionConfig"), "restrictedCIDRs": []interface{}{string("10.128.0.0/14"), string("172.30.0.0/16")}}}}},\n "apiServerArguments": map[string]interface{}{\n "cloud-provider": []interface{}{string("aws")},\n "feature-gates": []interface{}{string("APIPriorityAndFairness=true"), string("RotateKubeletServerCertificate=true"), string("SupportPodPidsLimit=true"), string("NodeDisruptionExclusion=true"), string("ServiceNodeExclusion=true"), string("SCTPSupport=true"), string("LegacyNodeRoleBehavior=false")},\n- "service-account-issuer": []interface{}{string("https://ci-op-dgz95p2d-067ff-pxnzv-oidc.s3.amazonaws.com")},\n+ "service-account-issuer": []string{"https://ci-op-dgz95p2d-067ff-pxnzv-oidc.s3.amazonaws.com"},\n },\n "authConfig": map[string]interface{}{"oauthMetadataFile": string("/etc/kubernetes/static-pod-resources/configmaps/oauth-metadata/oauthMetadata")},\n "corsAllowedOrigins": []interface{}{string(`//127\.0\.0\.1(:|$)`), string("//localhost(:|$)")},\n ... // 4 identical entries\n }\n (785 times) The issue is the service-account-issuer is flipping because of unstructured issuer slice type: - "service-account-issuer": []interface{}{string("https://ci-op-dgz95p2d-067ff-pxnzv-oidc.s3.amazonaws.com")}, + "service-account-issuer": []string{"https://ci-op-dgz95p2d-067ff-pxnzv-oidc.s3.amazonaws.com"} Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Did a searching: https://search.apps.build01.ci.devcluster.openshift.com/?search=%22service-account-issuer%22%3A+%5C%5B%5C%5Dstring&maxAge=48h&context=1&type=bug%2Bjunit&name=&maxMatches=5&maxBytes=20971520&groupBy=job Still found one error in this job https://prow.svc.ci.openshift.org/job-history/origin-ci-test/logs/release-openshift-origin-installer-e2e-aws-upgrade-rollback-4.5-to-4.6, this job did a rollback from 4.6 to 4.5.0-rc.1, the bug's PR https://github.com/openshift/cluster-kube-apiserver-operator/pull/882 was merged on June 9, but 4.5.0-rc.1 was created from registry.svc.ci.openshift.org/ocp/release:4.5.0-0.nightly-2020-06-05-163714, so the fix is not in this release, the error occurred as expected. Checking the latest OCP 4.5 release, $ oc adm release info registry.svc.ci.openshift.org/ocp/release:4.5.0-0.nightly-2020-06-10-201008 --commits | grep -i kube-apiserver cluster-kube-apiserver-operator https://github.com/openshift/cluster-kube-apiserver-operator 997124bee1fd55a95fd71aadbfc52add0aef0a04 $ git log --date local --pretty="%h %an %cd - %s" 997124b | grep '#882' 1af29fb3 OpenShift Merge Robot Tue Jun 9 18:55:35 2020 - Merge pull request #882 from openshift-cherrypick-robot/cherry-pick-880-to-release-4.5 We can see the PR is already in, move the bug verified.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:2409