oc get managedclusteraddon -n 1u96hviqicdnstdd87heiq76m6k89sl1
NAME                          AVAILABLE   DEGRADED   PROGRESSING
cert-policy-controller        Unknown                
config-policy-controller      Unknown                
governance-policy-framework   Unknown                
iam-policy-controller         Unknown                
work-manager                  Unknown  

oc get po -n open-cluster-management-agent-addon 
NAME                                           READY   STATUS    RESTARTS   AGE
cert-policy-controller-6f78fdb8f-w6drh         0/1     Pending   0          4m36s
config-policy-controller-c649b9667-sdz78       0/1     Pending   0          4h46m
governance-policy-framework-6dd9fcdb6b-54vlm   0/3     Pending   0          4h47m
iam-policy-controller-76fd5575dc-mlnjh         0/1     Pending   0          4m36s
klusterlet-addon-workmgr-7ccf9864b4-czvjv      0/1     Pending   0          4h45m 

 oc describe po -n open-cluster-management-agent-addon cert-policy-controller-6f78fdb8f-w6drh
Name:           cert-policy-controller-6f78fdb8f-w6drh
Namespace:      open-cluster-management-agent-addon
Priority:       0
Node:           ip-10-100-131-44.ec2.internal/10.100.131.44
Start Time:     Tue, 23 Aug 2022 16:08:12 +0000
Labels:         app=cert-policy-controller
                chart=cert-policy-controller-2.2.0
                heritage=Helm
                pod-template-hash=6f78fdb8f
                release=cert-policy-controller
Annotations:    openshift.io/scc: restricted-v2
                seccomp.security.alpha.kubernetes.io/pod: runtime/default
Status:         Pending
IP:             
IPs:            <none>
Controlled By:  ReplicaSet/cert-policy-controller-6f78fdb8f
Containers:
  cert-policy-controller:
    Container ID:  
    Image:         quay.io/stolostron/cert-policy-controller@sha256:f0bb71377b9270681c0ff2362b34efcf4b830788fcb6ec56db01fee3d8e4c354
    Image ID:      
    Port:          <none>
    Host Port:     <none>
    Args:
      --enable-lease=true
      --cluster-name=1u96hviqicdnstdd87heiq76m6k89sl1
      --update-frequency=30
      --log-encoder=console
      --log-level=0
      --v=-1
    State:          Waiting
      Reason:       ContainerCreating
    Ready:          False
    Restart Count:  0
    Limits:
      memory:  300Mi
    Requests:
      memory:   150Mi
    Liveness:   exec [sh -c pgrep cert-policy -l] delay=30s timeout=5s period=10s #success=1 #failure=3
    Readiness:  exec [sh -c exec echo start certificate-policy-controller] delay=10s timeout=2s period=10s #success=1 #failure=3
    Environment:
      WATCH_NAMESPACE:  1u96hviqicdnstdd87heiq76m6k89sl1
      POD_NAME:         cert-policy-controller-6f78fdb8f-w6drh (v1:metadata.name)
      OPERATOR_NAME:    cert-policy-controller
      HTTP_PROXY:       
      HTTPS_PROXY:      
      NO_PROXY:         
    Mounts:
      /var/run/klusterlet from klusterlet-config (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-s9gfv (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             False 
  ContainersReady   False 
  PodScheduled      True 
Volumes:
  klusterlet-config:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  cert-policy-controller-hub-kubeconfig
    Optional:    false
  kube-api-access-s9gfv:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
    ConfigMapName:           openshift-service-ca.crt
    ConfigMapOptional:       <nil>
QoS Class:                   Burstable
Node-Selectors:              <none>
Tolerations:                 CriticalAddonsOnly op=Exists
                             dedicated:NoSchedule op=Exists
                             node-role.kubernetes.io/infra:NoSchedule op=Exists
                             node.kubernetes.io/memory-pressure:NoSchedule op=Exists
                             node.kubernetes.io/not-ready:NoSchedule op=Exists
                             node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type     Reason             Age                  From                Message
  ----     ------             ----                 ----                -------
  Warning  FailedScheduling   5m12s                default-scheduler   0/2 nodes are available: 2 node(s) had untolerated taint {node.kubernetes.io/unschedulable: }, 2 node(s) were unschedulable. preemption: 0/2 nodes are available: 2 Preemption is not helpful for scheduling.
  Normal   Scheduled          36s                  default-scheduler   Successfully assigned open-cluster-management-agent-addon/cert-policy-controller-6f78fdb8f-w6drh to ip-10-100-131-44.ec2.internal by kube-scheduler-7c679c8f5-dcw5x
  Normal   NotTriggerScaleUp  63s (x25 over 5m3s)  cluster-autoscaler  pod didn't trigger scale-up:
  Warning  FailedMount        15s (x6 over 30s)    kubelet             MountVolume.SetUp failed for volume "klusterlet-config" : object "open-cluster-management-agent-addon"/"cert-policy-controller-hub-kubeconfig" not registered
  Warning  FailedMount        14s (x6 over 30s)    kubelet             MountVolume.SetUp failed for volume "kube-api-access-s9gfv" : [object "open-cluster-management-agent-addon"/"kube-root-ca.crt" not registered, object "open-cluster-management-agent-addon"/"openshift-service-ca.crt" not registered]
  Warning  NetworkNotReady    6s (x13 over 30s)    kubelet             network is not ready: container runtime network not ready: NetworkReady=false reason:NetworkPluginNotReady message:Network plugin returns error: No CNI configuration file in /etc/kubernetes/cni/net.d/. Has your network provider started?