Master/healthz returns 403Forbidden during upgrade to OCP 3.6
Issue
Executing:
curl https://<master-fqdn>/healthz
prints
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {},
"status": "Failure",
"message": "User \"system:anonymous\" cannot \"get\" on \"/healthz\"",
"reason": "Forbidden",
"details": {},
"code": 403
}
Environment
While upgrading OpenShift 3.5 to 3.6 we see that
# curl https://<master-fqdn>/healthz
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {},
"status": "Failure",
"message": "User \"system:anonymous\" cannot \"get\" on \"/healthz\"",
"reason": "Forbidden",
"details": {},
"code": 403
}
This is an error. In atomic-openshift-master-api logs we can see messages similar to
<date> <time> <master_fqdn> atomic-openshift-master-api[87060]: I0315 15:37:01.534660 87060 round_trippers.go:405] GET <master_url>/apis/authorization.openshift.io/v1/policies?resourceVersion=0 404 Not Found in 0 milliseconds
and
<date> <time> <master_fqdn> atomic-openshift-master-api[<pid>]: E0315 <timestamp> <pid> reflector.go:201] github.com/openshift/origin/pkg/authorization/generated/informers /internalversion/factory.go:45: Failed to list *authorization.Policy: the server could not find the requested resource
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.