Unexpected audit logs from system:admin user in system:masters group

Issue

After configuring OpenShift's Kubernetes API audit logs to collect all accesses from users in the system:masters group, there are a number of requests coming from the system:admin user.

This should not be happening as the system:admin user is protected within our company and we are not making normal users members of the system:masters group.

Every day at the same time of day the system:admin user performs 4 GET requests on the following API endpoints:

/apis/config.openshift.io/v1/clusteroperators/etcd
/apis/config.openshift.io/v1/clusteroperators/kube-scheduler
/apis/config.openshift.io/v1/clusteroperators/kube-controller-manager
/apis/config.openshift.io/v1/clusteroperators/kube-apiserver

Have the system:admin credentials been compromised and is this a security concern?

Environment

OpenShift 4.8+

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Select Your Language

Unexpected audit logs from system:admin user in system:masters group

Issue

Environment

Subscriber exclusive content

Current Customers and Partners

New to Red Hat?

Using a Red Hat product through a public cloud?

Quick Links

Help

Site Info

Related Sites

About

Red Hat legal and privacy links

Red Hat legal and privacy links

Issue

Environment

Subscriber exclusive content

Current Customers and Partners

New to Red Hat?

Using a Red Hat product through a public cloud?

Quick Links

Help

Site Info

Related Sites

Systems Status

About

Red Hat legal and privacy links

Red Hat legal and privacy links