//user/system:serviceaccount:openshift-cloud-credential-operator:cloud-credential-operator accessed mutatingwebhookconfigurations.v1beta1.admissionregistration.k8s.io 60 times found in https://prow.ci.openshift.org/view/gs/origin-ci-test/pr-logs/pull/26104/pull-ci-openshift-origin-master-e2e-aws-disruptive/1386733471304519680
This blocks upgrade to 4.9, because when the kube-apiserver upgrades to 4.9, the endpoint used by the cloud-credential operator in 4.8 (kube-apiserver upgrades first) will stop functioning.
Hi Joel, I can see podidentity no longer access mutatingwebhookconfigurations.v1beta1.admissionregistration.k8s.io, but I see another api call to certificatesigningrequests.v1beta1.certificates.k8s.io, does this need to be fixed by us? user/system:serviceaccount:openshift-cloud-credential-operator:pod-identity-webhook accessed certificatesigningrequests.v1beta1.certificates.k8s.io 23 times found in https://prow.ci.openshift.org/view/gs/origin-ci-test/pr-logs/pull/26104/pull-ci-openshift-origin-master-e2e-aws-disruptive/1390344110019186688
Still seing user/system:serviceaccount:openshift-cloud-credential-operator:pod-identity-webhook accessed certificatesigningrequests.v1beta1.certificates.k8s.io 13 times in [sig-arch][Late] clients should not use APIs that are removed in upcoming releases [Suite:openshift/conformance/parallel].
@lwan let's open a new BZ for the certificatesigningrequests v1beta1. The fix for that is in another repo.
Filed a new one : https://bugzilla.redhat.com/show_bug.cgi?id=1958492 , move this one to Verified.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:2438