+++ This bug was initially created as a clone of Bug #2006945 +++
failed 4.9 installs in CI, examples:
Platform: aws IPI
In the artifacts for these failed installs a log-bundle.tar is generated due to bootstrap failure.
In the bootkube.log you can see a large number of messages such as:
bootstrap/journals/bootkube.log:Sep 21 23:44:37 ip-10-0-15-48 bootkube.sh: "0000_20_kube-apiserver-operator_00_cr-scc-hostaccess.yaml": unable to get REST mapping for "0000_20_kube-apiserver-operator_00_cr-scc-hostaccess.yaml": no matches for kind "ClusterRole" in version "rbac.authorization.k8s.io/v1"
Which is for a core type that should be present.
deads has prepared a:
proposed fix: https://github.com/openshift/library-go/pull/1219
proof pr: https://github.com/openshift/cluster-bootstrap/pull/64
Slack thread with deads and stts: https://coreos.slack.com/archives/C02FFM5PNSG/p1632319918039000
We are still trying to determine if these are why the installs are failing, but there's still a problem to be fixed here regardless.
Yes, both of those tests (mentioned in private comments, why private?) used rc3 where as the fixes for bootstrap went into 4.9.0-rc4.
Needs to be tested with 4.9.0-rc.4 as the starting point for upgrading to 4.10, rc.4 was promoted on Monday.
Tried installation with 4.9.0-rc.4, did not encounter the bug. https://mastern-jenkins-csb-openshift-qe.apps.ocp4.prod.psi.redhat.com/job/ocp-common/job/Flexy-install/46177/console
Did not observe any install failures with the same bug for the above version from October 1st
@yunjiang please do have a look when you are back and reopen if needed.
Thanks Amogh, one-time installation may not encounter this issue, I will monitor ci job for a while and to see if it's still there.
Searched ci logs and didn't encounter this issue in recent 7 days, set to VERIFIED.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (Moderate: OpenShift Container Platform 4.9.0 bug fix and security update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.