Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-16366

[AWS] secret "capa-manager-bootstrap-credentials" not found

    XMLWordPrintable

Details

    • Important
    • No
    • Proposed
    • False
    • Hide

      None

      Show
      None

    Description

      Description of problem:

      capa-controller-manage failed to run due to secret "capa-manager-bootstrap-credentials" not found

      MacBook-Pro:k8sgpt jianzhang$ oc get pods
      NAME                                               READY   STATUS              RESTARTS   AGE
      capa-controller-manager-69c6474d74-9fktz           0/1     ContainerCreating   0          3h46m
      capi-controller-manager-5fd5b8c5c4-cn5h6           1/1     Running             0          3h47m
      capi-operator-controller-manager-876c77594-r5zpx   2/2     Running             0          3h47m
      cluster-capi-operator-5b98978fd9-5x5wb             1/1     Running             0          3h47m
      
      Events:
        Type     Reason       Age                      From     Message
        ----     ------       ----                     ----     -------
        Warning  FailedMount  10m (x95 over 3h43m)     kubelet  Unable to attach or mount volumes: unmounted volumes=[credentials], unattached volumes=[], failed to process volumes=[]: timed out waiting for the condition
        Warning  FailedMount  3m57s (x117 over 3h45m)  kubelet  MountVolume.SetUp failed for volume "credentials" : secret "capa-manager-bootstrap-credentials" not found

      Version-Release number of selected component (if applicable):

      Cluster version is 4.14.0-0.nightly-2023-07-18-085740

      How reproducible:

      always

      Steps to Reproduce:

      1. Install OCP4.14
      2. Enable TP
      $ oc patch featuregate cluster -p '{"spec": {"featureSet": "TechPreviewNoUpgrade"}}' --type=merge
      
       3. Scanning this clsuter.
      MacBook-Pro:bin jianzhang$ ./k8sgpt analyze
      AI Provider: openai0 openshift-cluster-api/capa-metrics-service(capa-metrics-service)
      - Error: Service has no endpoints, expected label cluster.x-k8s.io/provider=infrastructure-aws1 openshift-cluster-api/capa-webhook-service(capa-webhook-service)
      - Error: Service has no endpoints, expected label cluster.x-k8s.io/provider=infrastructure-aws
      
      MacBook-Pro:k8sgpt jianzhang$ oc get ep
      NAME                                               ENDPOINTS          AGE
      capa-metrics-service                               <none>             3h18m
      capa-webhook-service                               <none>             3h18m
      capi-operator-controller-manager-metrics-service   10.128.2.10:8443   3h19m
      capi-operator-webhook-service                      10.128.2.10:9443   3h19m
      capi-webhook-service                               10.128.2.12:9443   3h18m
      cluster-capi-operator-webhook-service              10.129.0.38:9443   3h19m
      
      MacBook-Pro:k8sgpt jianzhang$ oc get pods
      NAME                                               READY   STATUS              RESTARTS   AGE
      capa-controller-manager-69c6474d74-9fktz           0/1     ContainerCreating   0          3h19m
      capi-controller-manager-5fd5b8c5c4-cn5h6           1/1     Running             0          3h19m
      capi-operator-controller-manager-876c77594-r5zpx   2/2     Running             0          3h20m
      cluster-capi-operator-5b98978fd9-5x5wb             1/1     Running             0          3h20m
       

      Actual results:

      Events:
        Type     Reason       Age                      From     Message
        ----     ------       ----                     ----     -------
        Warning  FailedMount  10m (x95 over 3h43m)     kubelet  Unable to attach or mount volumes: unmounted volumes=[credentials], unattached volumes=[], failed to process volumes=[]: timed out waiting for the condition
        Warning  FailedMount  3m57s (x117 over 3h45m)  kubelet  MountVolume.SetUp failed for volume "credentials" : secret "capa-manager-bootstrap-credentials" not found

      Expected results:

      capa-controller-manager runs well.

      Additional info:

      MacBook-Pro:k8sgpt jianzhang$ oc get secret
      NAME                                         TYPE                                  DATA   AGE
      builder-dockercfg-gzlwj                      kubernetes.io/dockercfg               1      3h58m
      builder-token-sd9zk                          kubernetes.io/service-account-token   4      3h58m
      capa-controller-manager-dockercfg-79wsh      kubernetes.io/dockercfg               1      3h47m
      capa-controller-manager-token-ntt2d          kubernetes.io/service-account-token   4      3h47m
      capa-webhook-service-cert                    kubernetes.io/tls                     2      3h46m
      capg-manager-dockercfg-662jf                 kubernetes.io/dockercfg               1      3h47m
      capg-manager-token-h4d66                     kubernetes.io/service-account-token   4      3h47m
      capi-ibmcloud-manager-dockercfg-r6hqd        kubernetes.io/dockercfg               1      3h47m
      capi-ibmcloud-manager-token-gdpr2            kubernetes.io/service-account-token   4      3h47m
      capi-manager-dockercfg-vwfpj                 kubernetes.io/dockercfg               1      3h47m
      capi-manager-token-s9v2t                     kubernetes.io/service-account-token   4      3h47m
      capi-operator-webhook-service-cert           kubernetes.io/tls                     2      3h47m
      capi-webhook-service-cert                    kubernetes.io/tls                     2      3h46m
      capz-manager-dockercfg-x47lr                 kubernetes.io/dockercfg               1      3h47m
      capz-manager-token-v98td                     kubernetes.io/service-account-token   4      3h47m
      cluster-capi-operator-dockercfg-hhfsl        kubernetes.io/dockercfg               1      3h47m
      cluster-capi-operator-secret                 kubernetes.io/service-account-token   4      23m
      cluster-capi-operator-token-hsdwx            kubernetes.io/service-account-token   4      3h47m
      cluster-capi-operator-webhook-service-cert   kubernetes.io/tls                     2      3h47m
      default-dockercfg-jfppk                      kubernetes.io/dockercfg               1      3h58m
      default-token-shhnf                          kubernetes.io/service-account-token   4      3h58m
      deployer-dockercfg-gw628                     kubernetes.io/dockercfg               1      3h58m
      deployer-token-29djh                         kubernetes.io/service-account-token   4      3h58m
      qe-daily1-414-0719-q9zgg-kubeconfig          cluster.x-k8s.io/secret               1      3h46m
      worker-user-data                             Opaque                                1      3h46m
      MacBook-Pro:k8sgpt jianzhang$ oc get secret|grep bootstrap
      MacBook-Pro:k8sgpt jianzhang$ 
      
      MacBook-Pro:k8sgpt jianzhang$ oc get infrastructure  cluster -o yaml
      apiVersion: config.openshift.io/v1
      kind: Infrastructure
      metadata:
        creationTimestamp: "2023-07-18T23:11:36Z"
        generation: 1
        name: cluster
        resourceVersion: "517"
        uid: 18488887-456d-4aa5-b1e0-4cdf09b3f647
      spec:
        cloudConfig:
          name: ""
        platformSpec:
          aws: {}
          type: AWS
      status:
        apiServerInternalURI: https://api-int.qe-daily1-414-0719.qe.devcluster.openshift.com:6443
        apiServerURL: https://api.qe-daily1-414-0719.qe.devcluster.openshift.com:6443
        controlPlaneTopology: HighlyAvailable
        cpuPartitioning: None
        etcdDiscoveryDomain: ""
        infrastructureName: qe-daily1-414-0719-q9zgg
        infrastructureTopology: HighlyAvailable
        platform: AWS
        platformStatus:
          aws:
            region: us-west-1
          type: AWS

      Attachments

        Issue Links

          Activity

            People

              joelspeed Joel Speed
              rhn-support-jiazha Jian Zhang
              Zhaohua Sun Zhaohua Sun
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: