  1. Red Hat Advanced Cluster Management
  2. ACM-2370

GRC - gatekeeper failed to deploy on OCP 4.12


    • 5
    • False
    • None
    • False
    • ACM Sprint 24, ACM Sprint 25, ACM Sprint 26
    • Important
    • No

      Description of problem: Deployed the gatekeeper operator using the policy template `Install Gatekeeper`, but gatekeeper is not deployed successfully on OCP 4.12, with the error below.

      Checked it out; it may be because pod-security-policy was removed from k8s 1.25, which is the version in OCP 4.12.

      https://kubernetes.io/docs/concepts/security/pod-security-policy/ 

      2022-12-12T09:11:19.832Z    INFO    controllers.Gatekeeper    Validating gatekeeper-controller-manager deployment status
      2022-12-12T09:11:19.837Z    INFO    controllers.Gatekeeper    Deployment not found, will set webhook failure policy to ignore and requeue...
      2022-12-12T09:11:19.845Z    INFO    controllers.Gatekeeper    Updated Gatekeeper resource    {"Gatekeeper resource": "/openshift-gatekeeper-system"}
      2022-12-12T09:11:19.854Z    INFO    controllers.Gatekeeper    Updated Gatekeeper resource    {"Gatekeeper resource": "openshift-gatekeeper-system/gatekeeper-critical-pods"}
      2022-12-12T09:11:19.868Z    INFO    controllers.Gatekeeper    Updated Gatekeeper resource    {"Gatekeeper resource": "/configs.config.gatekeeper.sh"}
      2022-12-12T09:11:19.881Z    INFO    controllers.Gatekeeper    Updated Gatekeeper resource    {"Gatekeeper resource": "/constrainttemplates.templates.gatekeeper.sh"}
      2022-12-12T09:11:19.891Z    INFO    controllers.Gatekeeper    Updated Gatekeeper resource    {"Gatekeeper resource": "/constrainttemplatepodstatuses.status.gatekeeper.sh"}
      2022-12-12T09:11:19.900Z    INFO    controllers.Gatekeeper    Updated Gatekeeper resource    {"Gatekeeper resource": "/constraintpodstatuses.status.gatekeeper.sh"}
      2022-12-12T09:11:19.918Z    INFO    controllers.Gatekeeper    Updated Gatekeeper resource    {"Gatekeeper resource": "openshift-gatekeeper-system/gatekeeper-webhook-server-cert"}
      2022-12-12T09:11:19.928Z    INFO    controllers.Gatekeeper    Updated Gatekeeper resource    {"Gatekeeper resource": "openshift-gatekeeper-system/gatekeeper-admin"}
      I1212 09:11:20.978547       1 request.go:668] Waited for 1.047264271s due to client-side throttling, not priority and fairness, request: GET:https://172.30.0.1:443/apis/packages.operators.coreos.com/v1?timeout=32s
      2022-12-12T09:11:22.832Z    ERROR    controller-runtime.manager.controller.gatekeeper    Reconciler error    {"reconciler group": "operator.gatekeeper.sh", "reconciler kind": "Gatekeeper", "name": "gatekeeper", "namespace": "", "error": "Unable to deploy Gatekeeper resources: Error attempting to get resource /gatekeeper-admin: no matches for kind \"PodSecurityPolicy\" in version \"policy/v1beta1\"", "errorVerbose": "no matches for kind \"PodSecurityPolicy\" in version \"policy/v1beta1\"\nError attempting to get resource /gatekeeper-admin\ngithub.com/gatekeeper/gatekeeper-operator/controllers.(*GatekeeperReconciler).crudResource\n\t/remote-source/app/controllers/gatekeeper_controller.go:454\ngithub.com/gatekeeper/gatekeeper-operator/controllers.(*GatekeeperReconciler).applyAsset\n\t/remote-source/app/controllers/gatekeeper_controller.go:297\ngithub.com/gatekeeper/gatekeeper-operator/controllers.(*GatekeeperReconciler).applyAssets\n\t/remote-source/app/controllers/gatekeeper_controller.go:275\ngithub.com/gatekeeper/gatekeeper-operator/controllers.(*GatekeeperReconciler).deployGatekeeperResources\n\t/remote-source/app/controllers/gatekeeper_controller.go:244\ngithub.com/gatekeeper/gatekeeper-operator/controllers.(*GatekeeperReconciler).Reconcile\n\t/remote-source/app/controllers/gatekeeper_controller.go:200\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/remote-source/app/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:298\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/remote-source/app/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:253\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/remote-source/app/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:214\nruntime.goexit\n\t/usr/lib/golang/src/runtime/asm_amd64.s:1571\nUnable to deploy Gatekeeper 
resources\ngithub.com/gatekeeper/gatekeeper-operator/controllers.(*GatekeeperReconciler).Reconcile\n\t/remote-source/app/controllers/gatekeeper_controller.go:202\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/remote-source/app/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:298\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/remote-source/app/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:253\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/remote-source/app/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:214\nruntime.goexit\n\t/usr/lib/golang/src/runtime/asm_amd64.s:1571"}
      sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
          /remote-source/app/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:253
      sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2
          /remote-source/app/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:214

      Version-Release number of selected component (if applicable):

      How reproducible:

      Steps to Reproduce:

      1. Create a policy by enabling the etcd encryption template
      2. gatekeeper is deployed on local-cluster OCP 4.11, but failed on OCP 4.12
      3. Checked the operator pod and found the above error

      Actual results:

      Expected results:

      Additional info:

              tomckay@redhat.com Thomas Mckay (Inactive)
              cquredhat ChangLiang Qu
              Derek Ho Derek Ho
              ACM QE Team
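
Added example, not part of the original report and not gatekeeper-operator code: a Go triage helper that scans operator log lines like those above for "no matches for kind" reconciler errors and lists the API kinds the cluster does not serve. The names FindMissingAPIs, MissingAPI and sampleLog are hypothetical, and the sample lines are abridged from the log in this report.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// MissingAPI is a kind/version pair the API server reported as not served.
type MissingAPI struct{ Kind, Version, Reconciler string }
// noMatch captures the error text shown in the operator log of this report.
var noMatch = regexp.MustCompile(`no matches for kind "([^"]+)" in version "([^"]+)"`)

// FindMissingAPIs returns each unserved kind/version named in ERROR lines, once.
func FindMissingAPIs(lines []string) []MissingAPI {
	var out []MissingAPI
	seen := map[string]bool{}
	for _, line := range lines {
		i := strings.Index(line, "{")
		if i < 0 || !strings.Contains(line[:i], "ERROR") {
			continue // INFO and klog lines carry no reconciler error
		}
		var p map[string]interface{}
		if json.Unmarshal([]byte(line[i:]), &p) != nil {
			continue // truncated or non-JSON payload
		}
		errText, _ := p["error"].(string)
		m := noMatch.FindStringSubmatch(errText)
		if m == nil || seen[m[1]+" "+m[2]] {
			continue
		}
		seen[m[1]+" "+m[2]] = true
		rec, _ := p["reconciler kind"].(string)
		out = append(out, MissingAPI{Kind: m[1], Version: m[2], Reconciler: rec})
	}
	return out
}

// sampleLog is abridged from the log in this report (errorVerbose dropped).
var sampleLog = []string{
	`2022-12-12T09:11:19.928Z    INFO    controllers.Gatekeeper    Updated Gatekeeper resource    {"Gatekeeper resource": "openshift-gatekeeper-system/gatekeeper-admin"}`,
	`I1212 09:11:20.978547       1 request.go:668] Waited for 1.047264271s due to client-side throttling`,
	`2022-12-12T09:11:22.832Z    ERROR    controller-runtime.manager.controller.gatekeeper    Reconciler error    {"reconciler group": "operator.gatekeeper.sh", "reconciler kind": "Gatekeeper", "name": "gatekeeper", "namespace": "", "error": "Unable to deploy Gatekeeper resources: Error attempting to get resource /gatekeeper-admin: no matches for kind \"PodSecurityPolicy\" in version \"policy/v1beta1\""}`,
}

func main() {
	fmt.Println(FindMissingAPIs(sampleLog))
}
```

Run against a saved operator pod log, the same function shows whether an operator build still requests an API group that the target Kubernetes version has dropped.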