Loading...

XML

Word

Printable

Type: Bug
Resolution: Duplicate
Priority: Undefined
Fix Version/s: None
Affects Version/s: 4.14.0
Component/s: Cloud Compute / Other Provider
Labels:
- k8sgpt

Severity:
Important
Regression:
No
Release Blocker:
Proposed
Blocked:
False
Blocked Reason:

Hide

None

Show
None

SFDC Cases Counter:
SFDC Cases Links:

Description of problem:

capa-controller-manage failed to run due to secret "capa-manager-bootstrap-credentials" not found

MacBook-Pro:k8sgpt jianzhang$ oc get pods
NAME                                               READY   STATUS              RESTARTS   AGE
capa-controller-manager-69c6474d74-9fktz           0/1     ContainerCreating   0          3h46m
capi-controller-manager-5fd5b8c5c4-cn5h6           1/1     Running             0          3h47m
capi-operator-controller-manager-876c77594-r5zpx   2/2     Running             0          3h47m
cluster-capi-operator-5b98978fd9-5x5wb             1/1     Running             0          3h47m

Events:
  Type     Reason       Age                      From     Message
  ----     ------       ----                     ----     -------
  Warning  FailedMount  10m (x95 over 3h43m)     kubelet  Unable to attach or mount volumes: unmounted volumes=[credentials], unattached volumes=[], failed to process volumes=[]: timed out waiting for the condition
  Warning  FailedMount  3m57s (x117 over 3h45m)  kubelet  MountVolume.SetUp failed for volume "credentials" : secret "capa-manager-bootstrap-credentials" not found

Version-Release number of selected component (if applicable):

Cluster version is 4.14.0-0.nightly-2023-07-18-085740

How reproducible:

always

Steps to Reproduce:

1. Install OCP4.14
2. Enable TP
$ oc patch featuregate cluster -p '{"spec": {"featureSet": "TechPreviewNoUpgrade"}}' --type=merge

 3. Scanning this clsuter.
MacBook-Pro:bin jianzhang$ ./k8sgpt analyze
AI Provider: openai0 openshift-cluster-api/capa-metrics-service(capa-metrics-service)
- Error: Service has no endpoints, expected label cluster.x-k8s.io/provider=infrastructure-aws1 openshift-cluster-api/capa-webhook-service(capa-webhook-service)
- Error: Service has no endpoints, expected label cluster.x-k8s.io/provider=infrastructure-aws

MacBook-Pro:k8sgpt jianzhang$ oc get ep
NAME                                               ENDPOINTS          AGE
capa-metrics-service                               <none>             3h18m
capa-webhook-service                               <none>             3h18m
capi-operator-controller-manager-metrics-service   10.128.2.10:8443   3h19m
capi-operator-webhook-service                      10.128.2.10:9443   3h19m
capi-webhook-service                               10.128.2.12:9443   3h18m
cluster-capi-operator-webhook-service              10.129.0.38:9443   3h19m

MacBook-Pro:k8sgpt jianzhang$ oc get pods
NAME                                               READY   STATUS              RESTARTS   AGE
capa-controller-manager-69c6474d74-9fktz           0/1     ContainerCreating   0          3h19m
capi-controller-manager-5fd5b8c5c4-cn5h6           1/1     Running             0          3h19m
capi-operator-controller-manager-876c77594-r5zpx   2/2     Running             0          3h20m
cluster-capi-operator-5b98978fd9-5x5wb             1/1     Running             0          3h20m

Actual results:

Events:
  Type     Reason       Age                      From     Message
  ----     ------       ----                     ----     -------
  Warning  FailedMount  10m (x95 over 3h43m)     kubelet  Unable to attach or mount volumes: unmounted volumes=[credentials], unattached volumes=[], failed to process volumes=[]: timed out waiting for the condition
  Warning  FailedMount  3m57s (x117 over 3h45m)  kubelet  MountVolume.SetUp failed for volume "credentials" : secret "capa-manager-bootstrap-credentials" not found

Expected results:

capa-controller-manager runs well.

Additional info:

MacBook-Pro:k8sgpt jianzhang$ oc get secret
NAME                                         TYPE                                  DATA   AGE
builder-dockercfg-gzlwj                      kubernetes.io/dockercfg               1      3h58m
builder-token-sd9zk                          kubernetes.io/service-account-token   4      3h58m
capa-controller-manager-dockercfg-79wsh      kubernetes.io/dockercfg               1      3h47m
capa-controller-manager-token-ntt2d          kubernetes.io/service-account-token   4      3h47m
capa-webhook-service-cert                    kubernetes.io/tls                     2      3h46m
capg-manager-dockercfg-662jf                 kubernetes.io/dockercfg               1      3h47m
capg-manager-token-h4d66                     kubernetes.io/service-account-token   4      3h47m
capi-ibmcloud-manager-dockercfg-r6hqd        kubernetes.io/dockercfg               1      3h47m
capi-ibmcloud-manager-token-gdpr2            kubernetes.io/service-account-token   4      3h47m
capi-manager-dockercfg-vwfpj                 kubernetes.io/dockercfg               1      3h47m
capi-manager-token-s9v2t                     kubernetes.io/service-account-token   4      3h47m
capi-operator-webhook-service-cert           kubernetes.io/tls                     2      3h47m
capi-webhook-service-cert                    kubernetes.io/tls                     2      3h46m
capz-manager-dockercfg-x47lr                 kubernetes.io/dockercfg               1      3h47m
capz-manager-token-v98td                     kubernetes.io/service-account-token   4      3h47m
cluster-capi-operator-dockercfg-hhfsl        kubernetes.io/dockercfg               1      3h47m
cluster-capi-operator-secret                 kubernetes.io/service-account-token   4      23m
cluster-capi-operator-token-hsdwx            kubernetes.io/service-account-token   4      3h47m
cluster-capi-operator-webhook-service-cert   kubernetes.io/tls                     2      3h47m
default-dockercfg-jfppk                      kubernetes.io/dockercfg               1      3h58m
default-token-shhnf                          kubernetes.io/service-account-token   4      3h58m
deployer-dockercfg-gw628                     kubernetes.io/dockercfg               1      3h58m
deployer-token-29djh                         kubernetes.io/service-account-token   4      3h58m
qe-daily1-414-0719-q9zgg-kubeconfig          cluster.x-k8s.io/secret               1      3h46m
worker-user-data                             Opaque                                1      3h46m
MacBook-Pro:k8sgpt jianzhang$ oc get secret|grep bootstrap
MacBook-Pro:k8sgpt jianzhang$ 

MacBook-Pro:k8sgpt jianzhang$ oc get infrastructure  cluster -o yaml
apiVersion: config.openshift.io/v1
kind: Infrastructure
metadata:
  creationTimestamp: "2023-07-18T23:11:36Z"
  generation: 1
  name: cluster
  resourceVersion: "517"
  uid: 18488887-456d-4aa5-b1e0-4cdf09b3f647
spec:
  cloudConfig:
    name: ""
  platformSpec:
    aws: {}
    type: AWS
status:
  apiServerInternalURI: https://api-int.qe-daily1-414-0719.qe.devcluster.openshift.com:6443
  apiServerURL: https://api.qe-daily1-414-0719.qe.devcluster.openshift.com:6443
  controlPlaneTopology: HighlyAvailable
  cpuPartitioning: None
  etcdDiscoveryDomain: ""
  infrastructureName: qe-daily1-414-0719-q9zgg
  infrastructureTopology: HighlyAvailable
  platform: AWS
  platformStatus:
    aws:
      region: us-west-1
    type: AWS

is caused by

OCPBUGS-16313 CCO SA/cloud-credential-operator cannot list ConfigMaps at the cluster scope

Closed

relates to

OCPBUGS-16015 [Azure] in Azure workload identity cluster the secret "capz-manager-bootstrap-credentials" is missing.

Closed

Assignee:: Joel Speed

Reporter:: Jian Zhang

QA Contact:: Zhaohua Sun

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2023/07/19 7:57 AM

Updated:: 2023/07/19 8:57 AM

Resolved:: 2023/07/19 8:56 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates