user/system:serviceaccount:openshift-machine-api:cluster-baremetal-operator accessed validatingwebhookconfigurations.v1beta1.admissionregistration.k8s.io 1 times This blocks upgrade to 4.9, because when the kube-apiserver upgrades to 4.9, the endpoint used by the operator in 4.8 (kube-apiserver upgrades first) will stop functioning. Many clusters get stuck in this state and running skewed fails.
Verified in 4.8.0-0.nightly-2021-05-10-002052 : $ MASTERS=`oc get no | grep master | grep -o '^[^ ]*'` $ for i in $MASTERS; do echo "$i"; oc debug no/$i -- chroot /host bash -c "grep -hE '"'"k8s.io/removed-release":"[^"]+"'"' /var/log/kube-apiserver/audit*.log" >> all.log ; done $ grep '"k8s.io/removed-release":"1.22"' all.log > 1.22.log $ jq -r '.user.username+": "+.requestURI' 1.22.log | sed 's/\?.*$//' | sort | uniq -c | sort -n 92 system:serviceaccount:openshift-machine-config-operator:default: /apis/apiextensions.k8s.io/v1beta1/customresourcedefinitions 96 system:serviceaccount:openshift-machine-api:cluster-autoscaler-operator: /apis/admissionregistration.k8s.io/v1beta1/validatingwebhookconfigurations 105 system:serviceaccount:openshift-cluster-version:default: /apis/apiextensions.k8s.io/v1beta1/customresourcedefinitions/clusteroperators.config.openshift.io 105 system:serviceaccount:openshift-cluster-version:default: /apis/apiextensions.k8s.io/v1beta1/customresourcedefinitions/clusterversions.config.openshift.io 105 system:serviceaccount:openshift-cluster-version:default: /apis/apiextensions.k8s.io/v1beta1/customresourcedefinitions/containerruntimeconfigs.machineconfiguration.openshift.io 105 system:serviceaccount:openshift-cluster-version:default: /apis/apiextensions.k8s.io/v1beta1/customresourcedefinitions/credentialsrequests.cloudcredential.openshift.io 105 system:serviceaccount:openshift-cluster-version:default: /apis/apiextensions.k8s.io/v1beta1/customresourcedefinitions/kubeletconfigs.machineconfiguration.openshift.io 105 system:serviceaccount:openshift-cluster-version:default: /apis/apiextensions.k8s.io/v1beta1/customresourcedefinitions/machineconfigpools.machineconfiguration.openshift.io 105 system:serviceaccount:openshift-cluster-version:default: /apis/apiextensions.k8s.io/v1beta1/customresourcedefinitions/machineconfigs.machineconfiguration.openshift.io 105 system:serviceaccount:openshift-cluster-version:default: /apis/rbac.authorization.k8s.io/v1beta1/clusterrolebindings/default-account-openshift-machine-config-operator 105 system:serviceaccount:openshift-cluster-version:default: /apis/rbac.authorization.k8s.io/v1beta1/namespaces/openshift-machine-api/rolebindings/cluster-autoscaler-operator 105 system:serviceaccount:openshift-cluster-version:default: /apis/rbac.authorization.k8s.io/v1beta1/namespaces/openshift-machine-api/roles/cluster-autoscaler-operator 173 system:kube-controller-manager: /apis/extensions/v1beta1/ingresses 339 system:serviceaccount:openshift-machine-config-operator:default: /apis/apiextensions.k8s.io/v1beta1/customresourcedefinitions/controllerconfigs.machineconfiguration.openshift.io Did not find access to deprecated APIs related to baremetal operator
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:2438