Bug 1972693 - Noticing `is forbidden: User "system:serviceaccount:*"` in CI logs
Summary: Noticing `is forbidden: User "system:serviceaccount:*"` in CI logs
Keywords:
Status: CLOSED DUPLICATE of bug 1972167
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: apiserver-auth
Version: 4.8
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: ---
Assignee: Sebastian Łaskawiec
QA Contact: liyao
URL:
Whiteboard: tag-ci
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-06-16 12:23 UTC by ravig
Modified: 2021-06-22 06:21 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-06-22 06:21:49 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description ravig 2021-06-16 12:23:53 UTC 
Description of problem:

We have increased test failures in CI with errors like:

 Multus: [openshift-network-diagnostics/network-check-target-kqxph]: error getting pod: pods "network-check-target-kqxph" is forbidden: User "system:serviceaccount:openshift-multus:multus" cannot get resource "pods" in API group "" in the namespace "openshift-network-diagnostics"

Search CI failures:

https://search.ci.openshift.org/?search=is+forbidden%3A+User+%22system%3Aserviceaccount%3A&maxAge=48h&context=1&type=bug%2Bjunit&name=&excludeName=&maxMatches=5&maxBytes=20971520&groupBy=job


Initial analysis makes us think it could be issue with some components talking via localhost or LB thinking kube-apiserver is unavailable even when it is available.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Sebastian Łaskawiec 2021-06-22 06:20:52 UTC 
Closing as a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=1972167 and https://bugzilla.redhat.com/show_bug.cgi?id=1973423

CI logs are clean for the last 2 days.
Comment 2 Sebastian Łaskawiec 2021-06-22 06:21:49 UTC 

*** This bug has been marked as a duplicate of bug 1972167 ***
Note You need to log in before you can comment on or make changes to this bug.