Description of problem:
Current CCO has a v1beta1 CRD for its CredentialsRequests. Next kube release (1.22) will drop support for v1beta1. Upgrading may cause some race conditions depending on whether v1beta1 is dropped before CCO is upgraded to a version with v1 CRDs.
This cannot wait until 4.9. It causes an permanent alert in 4.8.
*** Bug 1965947 has been marked as a duplicate of this bug. ***
Verified on 4.8.0-0.nightly-2021-06-01-231204
$ oc get clusterversion
NAME VERSION AVAILABLE PROGRESSING SINCE STATUS
version 4.8.0-0.nightly-2021-06-01-231204 True False 67m Cluster version is 4.8.0-0.nightly-2021-06-01-231204
$ MASTERS=`oc get no | grep master | grep -o '^[^ ]*'`
$ for i in $MASTERS; do oc debug no/$i -- chroot /host bash -c "grep -hE '"'"k8s.io/removed-release":"[^"]+"'"' /var/log/kube-apiserver/audit*.log" ; done > all.log
$ grep '"k8s.io/removed-release":"1.22"' all.log > 1.22.log
$ jq -r '.user.username+": "+.requestURI' 1.22.log | sed 's/=[0-9][^&]*/=***/g' | sort | uniq -c | sort -n > 1.22.removed.apis
$ cat 1.22.removed.apis
10 system:kube-controller-manager: /apis/extensions/v1beta1/ingresses?limit=***&resourceVersion=***
54 system:kube-controller-manager: /apis/extensions/v1beta1/ingresses?allowWatchBookmarks=true&resourceVersion=***&timeout=***&timeoutSeconds=***&watch=true
no v1beta1/customresourcedefinitions/credentialsrequests.cloudcredential.openshift.io now
4.7.10 -> 4.8.0-0.nightly-2021-06-01-231204 passed
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.