Description of problem: [sig-auth] [Feature:NodeAuthenticator] The kubelet can delegate ServiceAccount tokens to the API server [sig-auth] [Feature:NodeAuthenticator] The kubelet's main port 10250 should reject requests with no credentials tests are failing in IPv6. Version-Release number of selected component (if applicable): 4.8+ How reproducible: Run e2e-metal-ipi-ovn-ipv6 by enabling these 2 tests. Actual results: Tests are getting error; Err: { s: "error running /usr/local/bin/kubectl --server=https://api.ostest.test.metalkube.org:6443 --kubeconfig=ocp/ostest/auth/kubeconfig --namespace=e2e-node-authn-205 exec agnhost-pod -- /bin/sh -x -c curl -sIk -o /dev/null -w '%{http_code}' --header \"Authorization: Bearer `cat /var/run/secrets/kubernetes.io/serviceaccount/token`\" https://fd2e:6f44:5dd8:c956::14:10250/metrics:\nCommand stdout:\n000\nstderr:\n+ cat /var/run/secrets/kubernetes.io/serviceaccount/token\n+ curl -sIk -o /dev/null -w '%{http_code}' --header 'Authorization: Bearer XXXXXXXX https://fd2e:6f44:5dd8:c956::14:10250/metrics\ncommand terminated with exit code 3\n\nerror:\nexit status 3", }, Code: 3, } Expected results: Tests are passing in IPv6 configuration. Additional info: This is a bug in upstream.
Upstream fix is https://github.com/kubernetes/kubernetes/pull/102089
PR is attached (lgtm)... Moving over to the auth team to review/approve the upstream patch and backport in.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:2438