2047025 – Installation fails because of Alibaba CSI driver operator is degraded

Bug 2047025 - Installation fails because of Alibaba CSI driver operator is degraded

Summary: Installation fails because of Alibaba CSI driver operator is degraded

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Storage
Sub Component:
Version:	4.10
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	urgent
Target Milestone:	---
Target Release:	4.10.0
Assignee:	Jan Safranek
QA Contact:	Wei Duan
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-01-27 09:52 UTC by Jan Safranek
Modified:	2022-03-12 04:42 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2022-03-12 04:41:56 UTC
Target Upstream Version:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	openshift cluster-storage-operator pull 259	0	None	open	Bug 2047025: Add "patch" permissions to Alibaba CSI driver operator	2022-01-27 09:56:22 UTC
Red Hat Product Errata	RHSA-2022:0056	0	None	None	None	2022-03-12 04:42:08 UTC

Description Jan Safranek 2022-01-27 09:52:40 UTC

Description of problem:
Alibaba CSI driver operator is degraded with this message:

rbac/snapshotter_role.yaml" (string): clusterroles.rbac.authorization.k8s.io "alibaba-disk-external-snapshotter-role" is forbidden: user "system:serviceaccount:openshift-cluster-csi-drivers:alibaba-disk-csi-driver-operator" (groups=["system:serviceaccounts" "system:serviceaccounts:openshift-cluster-csi-drivers" "system:authenticated"]) is attempting to grant RBAC permissions not currently held:{APIGroups:["snapshot.storage.k8s.io"], Resources:["volumesnapshotcontents"], Verbs:["patch"]}"rbac/snapshotter_binding.yaml" (string): clusterroles.rbac.authorization.k8s.io "alibaba-disk-external-snapshotter-role" not found

This PR misses updates of RBAC rules for Alibaba: https://github.com/openshift/cluster-storage-operator/pull/256


Version-Release number of selected component (if applicable):
4.10.0-0.nightly-2022-01-26-234447

How reproducible:
Always

Comment 1 Jan Safranek 2022-01-27 09:59:40 UTC

This breaks installation on Alibaba cloud.

Comment 5 Wei Duan 2022-01-28 02:26:58 UTC

Verified pass on 4.10.0-0.nightly-2022-01-27-144113

$ oc get co storage
NAME      VERSION                              AVAILABLE   PROGRESSING   DEGRADED   SINCE   MESSAGE
storage   4.10.0-0.nightly-2022-01-27-144113   True        False         False      58m

Comment 8 errata-xmlrpc 2022-03-12 04:41:56 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0056

Note You need to log in before you can comment on or make changes to this bug.