Description of problem: Have created sample VPA CR for the Auto mode with DeploymentConfig and VPA is not working on DeplymentConfig Workload.Below error in vpa. error: "prometheus-example-app" is forbidden: User "system:serviceaccount:openshift-vertical-pod-autoscaler:vpa-recommender" cannot get resource "deploymentconfigs/scale" in API group "apps.openshift.io" in the namespace "ns1"' Version-Release number of selected component (if applicable): RHOCP4.5 How reproducible: 100% Steps to Reproduce: 1.Install Vertical Pod Autoscaler Operator 2. Deploy sample application with DeploymentConfig and create VPA CR for the Auto mode 3. Actual results: Output of VPA. ~~~ name: vpa-recommender namespace: ns1 resourceVersion: "840675" selfLink: /apis/autoscaling.k8s.io/v1/namespaces/mani/verticalpodautoscalers/vpa-recommender uid: a5a00238-750f-45ab-a98a-d4c72f1766b4 spec: targetRef: apiVersion: apps.openshift.io/v1 kind: DeploymentConfig name: prometheus-example-app updatePolicy: updateMode: Auto status: conditions: - lastTransitionTime: "2020-10-05T07:11:59Z" message: 'Cannot read targetRef. Reason: Unhandled targetRef apps.openshift.io/v1 / DeploymentConfig / prometheus-example-app, last error deploymentconfigs.apps.openshift.io "prometheus-example-app" is forbidden: User "system:serviceaccount:openshift-vertical-pod-autoscaler:vpa-recommender" cannot get resource "deploymentconfigs/scale" in API group "apps.openshift.io" in the namespace "ns1"' status: "True" ~~~ Expected results: VPA status should have recommendation Additional info: Clusterole does not have the Deploymentconfig resource oc get clusterrole verticalpodautoscaler.v4.5.0-85f6b76654 -o yaml | grep -i deploymentconfig Also in the DOC[1] we mentioned in the beginning as 'The VPA uses individual custom resources (CR) to update all of the Pods associated with a workload object, such as a Deployment, Deployment Config, StatefulSet, Job, DaemonSet, ReplicaSet, or ReplicationController.' so as per the statement is should support(deploymentconfig). [1] https://docs.openshift.com/container-platform/4.5/nodes/pods/nodes-pods-vertical-autoscaler.html
Looks like a bug in https://github.com/openshift/vertical-pod-autoscaler-operator/blob/master/manifests/4.6/vertical-pod-autoscaler.v4.6.0.clusterserviceversion.yaml#L201-L314 which does not have DC.
Here are the objects I used for testing: hamster-dc.yaml --- apiVersion: apps.openshift.io/v1 kind: DeploymentConfig metadata: name: hamster spec: replicas: 2 labels: app: hamster template: metadata: labels: app: hamster spec: containers: - name: hamster image: k8s.gcr.io/ubuntu-slim:0.1 resources: requests: cpu: 100m memory: 50Mi command: ["/bin/sh"] args: - "-c" - "while true; do timeout 0.2s yes >/dev/null; sleep 0.8s; done" hamster-vpa-dc.yaml --- apiVersion: "autoscaling.k8s.io/v1beta2" kind: VerticalPodAutoscaler metadata: name: hamster-vpa spec: targetRef: apiVersion: "apps.openshift.io/v1" kind: DeploymentConfig name: hamster resourcePolicy: containerPolicies: - containerName: hamster controlledValues: RequestsOnly
Failed test on image: brew.registry.redhat.io/rh-osbs/iib-pub-pending:v4.7 as per comment 12
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:5633
Do we have any plan to backport the fix to 4.5/4.6 .?