Uploaded image for project: 'Red Hat Advanced Cluster Management'
  1. Red Hat Advanced Cluster Management
  2. ACM-5339

Observability - Observability addon deploy failed on GKE cluster

XMLWordPrintable

    • 1
    • False
    • None
    • False
    • Observability Sprint 2023-07
    • Important
    • No

      Description of problem: Observability addon deploy failed on GKE cluster

      Version-Release number of selected component (if applicable): 2.8.0-DOWNSTREAM-2023-05-04-15-35-38

      How reproducible:

      Steps to Reproduce:

      1. Deploy MCOCR 
      2. import one GKE cluster into the Hub
      3. Other addon deployed successful, but Observability deploy failed. There are some errors in the endpoint pod
        ```
        1.6832761642667983e+09  ERROR   controllers.ObservabilityAddon  Failed to deploy DaemonSet open-cluster-management-addon-observability/node-exporter    {"Request.Namespace": "open-cluster-management-addon-observability", "Request.Name": "images-list", "error": "admission webhook \"gkepolicy.common-webhooks.networking.gke.io\" denied the request: GKE Warden rejected the request because it violates one or more constraints.\nViolations details: {\"[denied by autogke-disallow-hostnamespaces]\":[\"enabling hostPID is not allowed in Autopilot.\",\"enabling hostNetwork is not allowed in Autopilot.\"],\"[denied by autogke-no-host-port]\":[\"container kube-rbac-proxy specifies host ports [9100], which are disallowed in Autopilot.\"],\"[denied by autogke-no-write-mode-hostpath]\":[\"hostPath volume sys used in container node-exporter uses path /sys which is not allowed in Autopilot. Allowed path prefixes for hostPath volumes are: [/var/log/].\",\"hostPath volume root used in container node-exporter uses path / which is not allowed in Autopilot. Allowed path prefixes for hostPath volumes are: [/var/log/].\"]}

        \nRequested by user: 'system:serviceaccount:open-cluster-management-addon-observability:endpoint-observability-operator-sa', groups: 'system:serviceaccounts,system:serviceaccounts:open-cluster-management-addon-observability,system:authenticated'."}
        sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile
                /remote-source/deps/gomod/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.0/pkg/internal/controller/controller.go:114
        sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler
                /remote-source/deps/gomod/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.0/pkg/internal/controller/controller.go:311
        sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
                /remote-source/deps/gomod/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.0/pkg/internal/controller/controller.go:266
        sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2
                /remote-source/deps/gomod/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.0/pkg/internal/controller/controller.go:2271.6832761642669027e+09  ERROR   controller.observabilityaddon   Reconciler error        {"reconciler group": "observability.open-cluster-management.io", "reconciler kind": "ObservabilityAddon", "name": "images-list", "namespace": "open-cluster-management-addon-observability", "error": "admission webhook \"gkepolicy.common-webhooks.networking.gke.io\" denied the request: GKE Warden rejected the request because it violates one or more constraints.\nViolations details:

        {\"[denied by autogke-disallow-hostnamespaces]\":[\"enabling hostPID is not allowed in Autopilot.\",\"enabling hostNetwork is not allowed in Autopilot.\"],\"[denied by autogke-no-host-port]\":[\"container kube-rbac-proxy specifies host ports [9100], which are disallowed in Autopilot.\"],\"[denied by autogke-no-write-mode-hostpath]\":[\"hostPath volume sys used in container node-exporter uses path /sys which is not allowed in Autopilot. Allowed path prefixes for hostPath volumes are: [/var/log/].\",\"hostPath volume root used in container node-exporter uses path / which is not allowed in Autopilot. Allowed path prefixes for hostPath volumes are: [/var/log/].\"]}

        \nRequested by user: 'system:serviceaccount:open-cluster-management-addon-observability:endpoint-observability-operator-sa', groups: 'system:serviceaccounts,system:serviceaccounts:open-cluster-management-addon-observability,system:authenticated'."}
        sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
                /remote-source/deps/gomod/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.0/pkg/internal/controller/controller.go:266
        sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2
                /remote-source/deps/gomod/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.0/pkg/internal/controller/controller.go:227
        ```

      Actual results:

      Expected results:

      Additional info:

            smeduri1@redhat.com Subbarao Meduri
            cquredhat ChangLiang Qu
            ACM QE Team
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: