Bug 2084664
| Summary: | RBAC rule missing for TALO to publish events | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | jun |
| Component: | Telco Edge | Assignee: | Steven Skeard <sskeard> |
| Telco Edge sub component: | TALO | QA Contact: | yliu1 |
| Status: | CLOSED ERRATA | Docs Contact: | |
| Severity: | medium | ||
| Priority: | unspecified | CC: | ijolliff, jun, keyoung, sskeard |
| Version: | 4.10 | ||
| Target Milestone: | --- | ||
| Target Release: | 4.11.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | No Doc Update | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-08-18 04:08:08 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 2099719 | ||
Unblock backport Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.11 CNF vRAN extras update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2022:6110 |
Description of problem: 2022-05-12T13:38:39.664Z DEBUG controller-runtime.manager.events Warning {"object": {"kind":"ClusterGroupUpgrade","namespace":"ztp-upgrade","name":"upgrade-all-sno","uid":"63074235-7cad-42ae-8ae1-84bf1458655d","apiVersion":"ran.openshift.io/v1alpha1","resourceVersion":"33942064"}, "reason": "UpgradeTimedOut", "message": "The ClusterGroupUpgrade CR policies are taking too long to complete"} E0512 13:38:39.684143 1 event.go:264] Server rejected event '&v1.Event{TypeMeta:v1.TypeMeta{Kind:"", APIVersion:""}, ObjectMeta:v1.ObjectMeta{Name:"upgrade-all-sno.16ee5f2391b4a2fe", GenerateName:"", Namespace:"ztp-upgrade", SelfLink:"", UID:"", ResourceVersion:"", Generation:0, CreationTimestamp:time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC), DeletionTimestamp:<nil>, DeletionGracePeriodSeconds:(*int64)(nil), Labels:map[string]string(nil), Annotations:map[string]string(nil), OwnerReferences:[]v1.OwnerReference(nil), Finalizers:[]string(nil), ClusterName:"", ManagedFields:[]v1.ManagedFieldsEntry(nil)}, InvolvedObject:v1.ObjectReference{Kind:"ClusterGroupUpgrade", Namespace:"ztp-upgrade", Name:"upgrade-all-sno", UID:"63074235-7cad-42ae-8ae1-84bf1458655d", APIVersion:"ran.openshift.io/v1alpha1", ResourceVersion:"33942064", FieldPath:""}, Reason:"UpgradeTimedOut", Message:"The ClusterGroupUpgrade CR policies are taking too long to complete", Source:v1.EventSource{Component:"ClusterGroupUpgrade", Host:""}, FirstTimestamp:time.Date(2022, time.May, 12, 13, 38, 39, 664579326, time.Local), LastTimestamp:time.Date(2022, time.May, 12, 13, 38, 39, 664579326, time.Local), Count:1, Type:"Warning", EventTime:time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC), Series:(*v1.EventSeries)(nil), Action:"", Related:(*v1.ObjectReference)(nil), ReportingController:"", ReportingInstance:""}': 'events is forbidden: User "system:serviceaccount:openshift-cluster-group-upgrades:cluster-group-upgrades-controller-manager" cannot create resource "events" in API group "" in the namespace "ztp-upgrade"' (will not retry!) Version-Release number of selected component (if applicable): How reproducible: 100% Steps to Reproduce: 1. Start an upgrade with short timeout 2. 3. Actual results: Timeout event gets rejected Expected results: Events published successfully Additional info: