Description of problem: Reviewing cluster audit logs, deprecated API is used: ['{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"f516de5d-e311-433d-a743-8b1271276690","stage":"ResponseComplete","requestURI":"/apis/authorization.k8s.io/v1beta1/subjectaccessreviews","verb":"create","user":{"username":"system:serviceaccount:openshift-cnv:kubevirt-apiserver","uid":"6e8c3bb6-3a9c-4e1b-92c5-b2586bfe8947","groups":["system:serviceaccounts","system:serviceaccounts:openshift-cnv","system:authenticated"]},"sourceIPs":["192.168.3.77"],"userAgent":"virt-api/v0.0.0 (linux/amd64) kubernetes/$Format","objectRef":{"resource":"subjectaccessreviews","apiGroup":"authorization.k8s.io","apiVersion":"v1beta1"},"responseStatus":{"metadata":{},"code":201},"requestReceivedTimestamp":"2021-06-14T07:53:49.526383Z","stageTimestamp":"2021-06-14T07:53:49.530550Z","annotations":{"authentication.k8s.io/legacy-token":"system:serviceaccount:openshift-cnv:kubevirt-apiserver","authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"RBAC: allowed by ClusterRoleBinding \\"kubevirt-apiserver-auth-delegator\\" of ClusterRole \\"system:auth-delegator\\" to ServiceAccount \\"kubevirt-apiserver/openshift-cnv\\"","k8s.io/deprecated":"true","k8s.io/removed-release":"1.22"}}'] Version-Release number of selected component (if applicable): virt-api v4.8.0-62 How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
I want also to mention that OCP 4.9 is going to be based on k8s 1.22 so those APIs are not going to be present there. This means that this should be absolutely fixed during 4.8 timeframe otherwise the product will start failing when the user will upgrade his cluster to 4.9.
This is waiting on https://github.com/kubevirt/kubevirt/pull/5822 to be merged in 0.41.
https://github.com/kubevirt/kubevirt/pull/5822 got merged in 0.41.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Virtualization 4.8.1 Images security and bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:3259