-
Bug
-
Resolution: Done
-
Blocker
-
None
-
False
-
None
-
False
-
-
-
No
Description of problem
In the SD environment, in some cases the klusterlet-* namespace is active and remains after the HC is deleted.
This looks like the manifestwork did not get deleted, and causes the configurationpolicy controller to get added back on the management cluster.
oc get pods -n klusterlet-225u08aaekp5365uokba4pg4cef1ujme
NAME READY STATUS RESTARTS AGE
config-policy-controller-5fb65c4659-vc95f 0/1 ContainerCreating 0 87s
config-policy-controller-uninstall 0/1 Completed 0 87s
oc logs config-policy-controller-uninstall -n klusterlet-225u08aaekp5365uokba4pg4cef1ujme
I0308 07:02:58.105585 1 triggeruninstall.go:31] Setting the Deployment uninstall annotation
2023-03-08T07:02:58.130Z info klog rest/warnings.go:70 would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "config-policy-controller" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "config-policy-controller" must set securityContext.capabilities.drop=["ALL"]), seccompProfile (pod or container "config-policy-controller" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
I0308 07:02:58.130713 1 triggeruninstall.go:72] Checking if the uninstall preparation is complete
:
Version-Release number of selected component (if applicable):
2.7.2
How reproducible:
Steps to Reproduce:
- ...
Actual results:
Expected results:
Additional info:
- is cloned by
-
ACM-4908 configuration-policy controller not removed completely intermittently
- Closed