Description of problem: Current CCO has a v1beta1 CRD for its CredentialsRequests. Next kube release (1.22) will drop support for v1beta1. Upgrading may cause some race conditions depending on whether v1beta1 is dropped before CCO is upgraded to a version with v1 CRDs.
This cannot wait until 4.9. It causes an permanent alert in 4.8.
*** Bug 1965947 has been marked as a duplicate of this bug. ***
Verified on 4.8.0-0.nightly-2021-06-01-231204 $ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.8.0-0.nightly-2021-06-01-231204 True False 67m Cluster version is 4.8.0-0.nightly-2021-06-01-231204 $ MASTERS=`oc get no | grep master | grep -o '^[^ ]*'` $ for i in $MASTERS; do oc debug no/$i -- chroot /host bash -c "grep -hE '"'"k8s.io/removed-release":"[^"]+"'"' /var/log/kube-apiserver/audit*.log" ; done > all.log $ grep '"k8s.io/removed-release":"1.22"' all.log > 1.22.log $ jq -r '.user.username+": "+.requestURI' 1.22.log | sed 's/=[0-9][^&]*/=***/g' | sort | uniq -c | sort -n > 1.22.removed.apis $ cat 1.22.removed.apis 10 system:kube-controller-manager: /apis/extensions/v1beta1/ingresses?limit=***&resourceVersion=*** 54 system:kube-controller-manager: /apis/extensions/v1beta1/ingresses?allowWatchBookmarks=true&resourceVersion=***&timeout=***&timeoutSeconds=***&watch=true no v1beta1/customresourcedefinitions/credentialsrequests.cloudcredential.openshift.io now upgrade: 4.7.10 -> 4.8.0-0.nightly-2021-06-01-231204 passed
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:2438