Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-7983

Failed to scan for hypershift guest cluster due to api-checks-pod crashed

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • None
    • 4.12.z
    • Compliance Operator
    • None
    • Important
    • No
    • Rejected
    • False
    • Hide

      None

      Show
      None

      Description of problem:

      When trying to scan for hypershift hosted cluster, the api-checks-pod will crash
$ oc logs pod/hypershift-version-api-checks-pod --all-containers…
Fetching URI: '/api/v1/namespaces/openshift-kube-apiserver/pods?labelSelector=app%3Dkube-controller-manager'FATAL:Error fetching resources: couldn't filter '{"kind":"PodList","apiVersion":"v1","metadata":{"resourceVersion":"142819"},"items":[]}': fromjson cannot be applied to: nullError from server (BadRequest): container "log-collector" in pod "hypershift-version-api-checks-pod" is waiting to start: PodInitializing

      Version-Release number of selected component (if applicable):

       4.13.0-0.nightly-2023-02-26-081527 + compliance-operator.v0.1.61

      How reproducible:

      Always

      Steps to Reproduce:

      1. Install compliance operator 
2. Create a tp:
 
$ oc get hostedcluster -A
NAMESPACE   NAME      VERSION                              KUBECONFIG                 PROGRESS    AVAILABLE   PROGRESSING   MESSAGE
clusters    demo-02   4.13.0-0.nightly-2023-02-26-081527   demo-02-admin-kubeconfig   Completed   True        False         The hosted control plane is available
$ oc apply -f -<<EOF
apiVersion: compliance.openshift.io/v1alpha1
kind: TailoredProfile
metadata:
 name: hypershift-version
spec:
 description: Scans a hypershift guest cluster
 setValues:
   - name: ocp4-hypershift-cluster
     rationale: Scan this cluster
     value: demo-02
 extends: ocp4-cis
 title: CIS for hypershift guest cluster
EOF
3. Create a ssb:
$ oc compliance bind -N test -S default tailoredprofile/hypershift-version
Creating ScanSettingBinding test
Actual results:
The compliancesuite will stuck at Running status, the api-checks-pod  will crash
$ oc get pod
NAME                                              READY   STATUS                  RESTARTS       AGE
compliance-operator-6fd44dbcb9-ldvwt              1/1     Running                 1 (11m ago)    11m
hypershift-version-api-checks-pod                 0/2     Init:CrashLoopBackOff   5 (105s ago)   5m40s
hypershift-version-rs-68859db97b-hrpfw            1/1     Running                 0              5m40s
ocp4-openshift-compliance-pp-5b857847d-d6j9z      1/1     Running                 0              10m
rhcos4-openshift-compliance-pp-694444d8bd-jnkbv   1/1     Running                 0              10m
$ oc logs pod/hypershift-version-api-checks-pod --all-containers
…
Fetching URI: '/api/v1/namespaces/openshift-kube-apiserver/pods?labelSelector=app%3Dkube-controller-manager'
FATAL:Error fetching resources: couldn't filter '{"kind":"PodList","apiVersion":"v1","metadata":
{"resourceVersion":"142819"}
,"items":[]}
': fromjson cannot be applied to: null
Error from server (BadRequest): container "log-collector" in pod "hypershift-version-api-checks-pod" is waiting to start: PodInitializing

       

      Expected results:

      The scan should finished quickly and return COMPLIANT or NON-COMPLIANT

      Additional info:

       

            wenshen@redhat.com Vincent Shen
            xiyuan@redhat.com Xiaojie Yuan
            Xiaojie Yuan Xiaojie Yuan
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: