Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-4338

Need to combine Eviction interdependent remediation together.

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Normal
    • None
    • 4.11.0
    • Compliance Operator
    • None
    • ?
    • CMP Sprint 56, CMP Sprint 57, CMP Sprint 58
    • 3
    • Hide

      None

      Show
      None
    • Hide
      Cause: The compliance operator would generate remediations for kubelet evictions based on Machine Config Pool name and a grace period.

      Consequence: This would result in multiple remediations for a single eviction rule. Each remediation name would be appended with `-1`, `-2`, etc.. Applying a single remediation might cause issues with subsequent scans since not all remediations were app.ied across node pools.

      Fix: Update the compliance operator to the latest version.

      Result: The compliance operator will apply all remediations for a single rule, so it's completely remediated.
      Show
      Cause: The compliance operator would generate remediations for kubelet evictions based on Machine Config Pool name and a grace period. Consequence: This would result in multiple remediations for a single eviction rule. Each remediation name would be appended with `-1`, `-2`, etc.. Applying a single remediation might cause issues with subsequent scans since not all remediations were app.ied across node pools. Fix: Update the compliance operator to the latest version. Result: The compliance operator will apply all remediations for a single rule, so it's completely remediated.
    • Bug Fix

    Description

      Description of problem:

      If any eviction rule fails then compliance will generate the 4-5 remediation for this and each remediation set eviction values in kubeletconfig. These values are interdependent on each other so if one value is missing in kubelet config then we will face an issue with kubelet.

      Is it possible to combine dependent values the remediation together?

      [0] https://access.redhat.com/solutions/6972282 (KCS represent a problem with kubelet because of not setting graceperiod values)

      ~~~
      ocp4-high-kubelet-eviction-thresholds-set-soft-nodefs-inodesfree NotApplied
      ocp4-high-kubelet-eviction-thresholds-set-soft-nodefs-inodesfree-1 NotApplied
      ocp4-high-kubelet-eviction-thresholds-set-soft-nodefs-inodesfree-2 NotApplied
      ocp4-high-kubelet-eviction-thresholds-set-soft-nodefs-inodesfree-3 NotApplied
      ocp4-high-kubelet-eviction-thresholds-set-soft-nodefs-inodesfree-4 NotApplied
      ocp4-high-kubelet-eviction-thresholds-set-soft-nodefs-inodesfree-5 NotApplied
      ~~~

      Attachments

        Activity

          People

            wenshen@redhat.com Vincent Shen
            rhn-support-agawand Asmita Gawand
            Xiaojie Yuan Xiaojie Yuan
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: