CloudCredentialOperatorProvisioningFailed alert firing in OpenShift 4 clusters on GCP

Solution Verified - Updated -

Issue

  • The CloudCredentialOperatorProvisioningFailed alert is firing in OpenShift 4 clusters installed in GCP.

  • The cloud-credential Cluster Operator is Degraded with messages like:

    Raw
    message: 1 of 7 credentials requests are failing to sync.
    Raw
    message: 6 of 7 credentials requests provisioned, 1 reporting errors.

  • Errors similar to the following ones are shown in the cloud-credential-operator logs:

    Raw
    level=warning msg="Detected some unallowed permissions: [certificatemanager.certmaps.get certificatemanager.certmaps.use]" actuator=gcp cr=openshift-cloud-credential-operator/openshift-machine-api-gcp
level=error msg="error syncing credentials: cloud root creds do not have enough permissions to be used as-is" controller=credreq cr=openshift-cloud-credential-operator/openshift-machine-api-gcp secret=openshift-machine-api/gcp-cloud-credentials
level=error msg="errored with condition: CredentialsProvisionFailure" controller=credreq cr=openshift-cloud-credential-operator/openshift-machine-api-gcp secret=openshift-machine-api/gcp-cloud-credentials

Environment

  • Red Hat OpenShift Container Platform (RHOCP)
    • 4
  • Google Cloud Platform (GCP)

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content