Bug 1972762 - virt-api - deprecated API is used
Summary: virt-api - deprecated API is used
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Container Native Virtualization (CNV)
Classification: Red Hat
Component: Virtualization
Version: 4.8.0
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 4.8.1
Assignee: Antonio Cardace
QA Contact: Israel Pinto
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-06-16 15:06 UTC by Ruth Netser
Modified: 2021-08-24 12:49 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-08-24 12:49:09 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2021:3259 0 None None None 2021-08-24 12:49:30 UTC

Description Ruth Netser 2021-06-16 15:06:30 UTC
Description of problem:
Reviewing cluster audit logs, deprecated API is used:
['{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"f516de5d-e311-433d-a743-8b1271276690","stage":"ResponseComplete","requestURI":"/apis/authorization.k8s.io/v1beta1/subjectaccessreviews","verb":"create","user":{"username":"system:serviceaccount:openshift-cnv:kubevirt-apiserver","uid":"6e8c3bb6-3a9c-4e1b-92c5-b2586bfe8947","groups":["system:serviceaccounts","system:serviceaccounts:openshift-cnv","system:authenticated"]},"sourceIPs":["192.168.3.77"],"userAgent":"virt-api/v0.0.0 (linux/amd64) kubernetes/$Format","objectRef":{"resource":"subjectaccessreviews","apiGroup":"authorization.k8s.io","apiVersion":"v1beta1"},"responseStatus":{"metadata":{},"code":201},"requestReceivedTimestamp":"2021-06-14T07:53:49.526383Z","stageTimestamp":"2021-06-14T07:53:49.530550Z","annotations":{"authentication.k8s.io/legacy-token":"system:serviceaccount:openshift-cnv:kubevirt-apiserver","authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"RBAC: allowed by ClusterRoleBinding \\"kubevirt-apiserver-auth-delegator\\" of ClusterRole \\"system:auth-delegator\\" to ServiceAccount \\"kubevirt-apiserver/openshift-cnv\\"","k8s.io/deprecated":"true","k8s.io/removed-release":"1.22"}}']


Version-Release number of selected component (if applicable):
virt-api v4.8.0-62


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 1 Simone Tiraboschi 2021-06-17 07:41:48 UTC
I want also to mention that OCP 4.9 is going to be based on k8s 1.22 so those APIs are not going to be present there.
This means that this should be absolutely fixed during 4.8 timeframe otherwise the product will start failing when the user will upgrade his cluster to 4.9.

Comment 2 Antonio Cardace 2021-06-17 09:14:55 UTC
This is waiting on https://github.com/kubevirt/kubevirt/pull/5822 to be merged in 0.41.

Comment 3 Antonio Cardace 2021-06-17 13:49:56 UTC
https://github.com/kubevirt/kubevirt/pull/5822 got merged in 0.41.

Comment 10 errata-xmlrpc 2021-08-24 12:49:09 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Virtualization 4.8.1 Images security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:3259


Note You need to log in before you can comment on or make changes to this bug.