Description of problem: On a cluster otherwise behaving normally, the following error message can be seen repeatedly (~ every 30s) in the logs of the cdi-deployment Pod: 1 reflector.go:138] sigs.k8s.io/controller-runtime/pkg/cache/internal/informers_map.go:229: Failed to watch *v1.ConfigMap: failed to list *v1.ConfigMap: configmaps is forbidden: User "system:serviceaccount:openshift-cnv:cdi-sa" cannot list resource "configmaps" in API group "" at the cluster scope Version-Release number of selected component (if applicable): 4.8.4 How reproducible: Always Steps to Reproduce: 1. Install OpenShift Virtualization :)
Still unsure how reproducible this is and/or if it was a transient error in a specific OCP version. Pushing to 4.9.1 to get some more time to gather information.
This permission error was related to an Openshift bug which was fixed. We can no longer reproduce this error.
E1221 11:41:32.762292 1 reflector.go:138] sigs.k8s.io/controller-runtime/pkg/cache/internal/informers_map.go:229: Failed to watch *v1.ConfigMap: failed to list *v1.ConfigMap: configmaps is forbidden: User "system:serviceaccount:openshift-cnv:cdi-sa" cannot list resource "configmaps" in API group "" at the cluster scope Fresh 4.9.1 installation on OCP 4.9.11
Yes I'll reopen.
Test this bug on several OCP-4.9.15, CNV-v4.9.2-27 clusters Can not reproduce this error.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Virtualization 4.9.2 Images security and bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0191