Bug 1926371 - Pod Scale-up requires extra privileges in OpenShift web-console
Summary: Pod Scale-up requires extra privileges in OpenShift web-console
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Management Console
Version: 4.5
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 4.6.z
Assignee: Robb Hamilton
QA Contact: Siva Reddy
URL:
Whiteboard:
Depends On: 1911307
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-02-08 18:01 UTC by Robb Hamilton
Modified: 2021-03-09 20:16 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: Scale pods is not using the 'scale' subresource. Consequence: Custom role without patch verb for deploymentconfigs/deployments can't scale the pods in the webconsole. Fix: Scale pods using the 'scale' subresource. Result: Scaling happens without adding any extra privileges through webconsole.
Clone Of:
Environment:
Last Closed: 2021-03-09 20:16:08 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift console pull 8099 0 None open [release-4.6] Bug 1926371: scale pods using the 'scale' subresource 2021-02-08 18:22:45 UTC
Red Hat Product Errata RHBA-2021:0674 0 None None None 2021-03-09 20:16:19 UTC

Description Robb Hamilton 2021-02-08 18:01:57 UTC
This bug was initially created as a copy of Bug #1911307

I am copying this bug because: 



Description of problem:
Without the `patch` verb for the `deployments`/`deploymentconfigs` resource, we cannot scale the deployments/deploymentconfigs through the web console. We need to provide an extra `patch` verb in order to scale up pods through the web-console. However, through CLI the pods' replica scale-up works without the `patch` verb.


Version-Release number of selected component (if applicable):
4.5


How reproducible:
100%

Steps to Reproduce:
1. Create a custom role without patch verb for deploymentconfigs/deployments (Attachment #1 [details])
2. Then assign the role to the user. 
3. Now try to scale the pods through webconsole and CLI.

Actual results:
Through CLI it is working as expected:

[quicklab@upi-0 ~]$ oc scale dc httpd --replicas=2
deploymentconfig.apps.openshift.io/httpd scaled

However, through webconsole, we need to provide the patch verb or else it won't show the arrows for calling the pods. 

Expected results:

Scaling should happen without adding any extra privileges through webconsole as done via CLI.

Additional info:
Attaching a sample custom role YAML file and screenshots of the webconsole.

Comment 1 Robb Hamilton 2021-02-23 19:10:03 UTC
PR awaiting cherry-pick approval.

Comment 3 Siva Reddy 2021-02-28 22:14:56 UTC
Version:
 4.6.0-0.nightly-2021-02-26-224651

1. Create a custom role
2. Then assign the role to the user.
3. Now try to scale the pods through webconsole, on DC Details page, we can see scale up/down arrow in pod donut, `Edit Pod count` kebab is also available 
4. try to scale the pods through CLI, it works well

Comment 6 errata-xmlrpc 2021-03-09 20:16:08 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6.20 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:0674


Note You need to log in before you can comment on or make changes to this bug.