Unexpected audit logs from system:admin user in system:masters group

Solution Unverified - Updated -


After configuring OpenShift's Kubernetes API audit logs to collect all accesses from users in the system:masters group, there are a number of requests coming from the system:admin user.

This should not be happening as the system:admin user is protected within our company and we are not making normal users members of the system:masters group.

Every day at the same time of day the system:admin user performs 4 GET requests on the following API endpoints:

  • /apis/config.openshift.io/v1/clusteroperators/etcd
  • /apis/config.openshift.io/v1/clusteroperators/kube-scheduler
  • /apis/config.openshift.io/v1/clusteroperators/kube-controller-manager
  • /apis/config.openshift.io/v1/clusteroperators/kube-apiserver

Have the system:admin credentials been compromised and is this a security concern?


OpenShift 4.8+

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content