New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug 2006145: install/0000_00_cluster-version-operator_03_deployment: Explicit kube-api-access #661
Bug 2006145: install/0000_00_cluster-version-operator_03_deployment: Explicit kube-api-access #661
Conversation
@wking: This pull request references Bugzilla bug 2006145, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
5548d7d
to
904ad57
Compare
…-api-access This content is injected by an admission webhook [1,2]. When we started removing not-in-manifest volumes in 83faa6e (lib/resourcemerge/core: Remove unrecognized volumes and mounts, 2021-09-14, openshift#654), the cluster-version operator started removing the webhook-injected volume, leading to the cluster-version operator crash-looping on updates from 4.8 to 4.9 with messages like [3]: F0920 13:23:23.565439 1 start.go:24] error: error creating clients: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable With this commit, we follow the precedent of the Kubernetes API server's own manifest [4,5]. [1]: https://github.com/kubernetes/kubernetes/blob/2f68346fbb6246961ce0a3176418630950aea500/plugin/pkg/admission/serviceaccount/admission.go#L53-L54 [2]: https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#bound-service-account-token-volume [3]: https://bugzilla.redhat.com/show_bug.cgi?id=2005581 [4]: openshift/cluster-kube-apiserver-operator#1142 [5]: https://bugzilla.redhat.com/show_bug.cgi?id=1946479
904ad57
to
35655b9
Compare
/retest-required |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: sdodson, wking The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Upstream PR has merged and this is a blocker, so labeling for merge. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
Sandbox and replica/not-ready issues are unrelated. /override ci/prow/e2e-agnostic |
/override ci/prow/e2e-agnostic |
@sdodson: Overrode contexts on behalf of sdodson: ci/prow/e2e-agnostic, ci/prow/e2e-agnostic-upgrade In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@wking: Overrode contexts on behalf of wking: ci/prow/e2e-agnostic, ci/prow/e2e-agnostic-upgrade In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@wking: All pull requests linked via external trackers have merged: Bugzilla bug 2006145 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Backporting #660 to 4.9.