[root@cert-rhosp-02 ~]# oc project openshift-workload-availability Already on project "openshift-workload-availability" on server "https://api.ocp-edge-cluster-0.qe.lab.redhat.com:6443". [root@cert-rhosp-02 ~]# oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.21.0-0.nightly-2026-02-12-134401 True False 7d13h Cluster version is 4.21.0-0.nightly-2026-02-12-134401 [root@cert-rhosp-02 ~]# oc get csv NAME DISPLAY VERSION REPLACES PHASE fence-agents-remediation.v0.7.0 Fence Agents Remediation Operator 0.7.0 fence-agents-remediation.v0.6.0 Succeeded [root@cert-rhosp-02 ~]# oc get fartemplate -o yaml apiVersion: v1 items: [] kind: List metadata: resourceVersion: "" selfLink: "" [root@cert-rhosp-02 ~]# oc get nodes NAME STATUS ROLES AGE VERSION master-0-0 Ready control-plane,master 7d14h v1.34.2 master-0-1 Ready control-plane,master 7d14h v1.34.2 master-0-2 Ready control-plane,master 7d14h v1.34.2 worker-0-0 Ready worker 7d13h v1.34.2 worker-0-1 Ready worker 7d13h v1.34.2 worker-0-2 Ready worker 7d13h v1.34.2 [root@cert-rhosp-02 ~]# oc get far No resources found in openshift-workload-availability namespace. Case 1: No SharedSecretName [root@cert-rhosp-02 ~]# oc apply -f - <<'YAML' > apiVersion: fence-agents-remediation.medik8s.io/v1alpha1 > kind: FenceAgentsRemediation > metadata: > name: rhwa613-s1 > namespace: openshift-workload-availability > spec: > agent: fence_ipmilan > retrycount: 1 > retryinterval: 5s > timeout: 60s > nodeparameters: > '--ipport': > worker-0-0: '6233' > worker-0-1: '6234' > worker-0-2: '6235' > sharedparameters: > '--action': "reboot" > '--ip': 192.168.123.1 > '--lanplus': '' > '--username': "admin" > nodeSecretNames: > worker-0-0: worker-0-cred > worker-0-1: worker-1-cred > worker-0-2: worker-2-cred > YAML fenceagentsremediation.fence-agents-remediation.medik8s.io/rhwa613-s1 created [root@cert-rhosp-02 ~]# [root@cert-rhosp-02 ~]# oc get far rhwa613-s1 -n openshift-workload-availability -o jsonpath='{.spec.sharedSecretName}' [root@cert-rhosp-02 ~]# oc delete far rhwa613-s1 -n openshift-workload-availability --ignore-not-found fenceagentsremediation.fence-agents-remediation.medik8s.io "rhwa613-s1" deleted Case 2: No name set, secret fence-agents-credentials-shared exists (CR should be updated with that name) [root@cert-rhosp-02 ~]# oc create secret generic fence-agents-credentials-shared -n openshift-workload-availability --from-literal='--username'=admin --from-literal='--password'=placeholder --dry-run=client -o yaml | oc apply -f - secret/fence-agents-credentials-shared created [root@cert-rhosp-02 ~]# [root@cert-rhosp-02 ~]# oc apply -f - <<'YAML' > apiVersion: fence-agents-remediation.medik8s.io/v1alpha1 > kind: FenceAgentsRemediation > metadata: > name: rhwa613-s2 > namespace: openshift-workload-availability > spec: > agent: fence_ipmilan > retrycount: 1 > retryinterval: 5s > timeout: 60s > nodeparameters: > '--ipport': > worker-0-0: '6233' > worker-0-1: '6234' > worker-0-2: '6235' > sharedparameters: > '--action': "off" > '--ip': 192.168.123.1 > '--lanplus': '' > nodeSecretNames: > worker-0-0: worker-0-cred > worker-0-1: worker-1-cred > worker-0-2: worker-2-cred > YAML fenceagentsremediation.fence-agents-remediation.medik8s.io/rhwa613-s2 created [root@cert-rhosp-02 ~]# [root@cert-rhosp-02 ~]# sleep 3 [root@cert-rhosp-02 ~]# oc get far rhwa613-s2 -n openshift-workload-availability -o jsonpath='{.spec.sharedSecretName}' # Expected: fence-agents-credentials-shared (operator updated CR with old default name) [root@cert-rhosp-02 ~]# oc logs -n openshift-workload-availability -l app.kubernetes.io/name=fence-agents-remediation-operator -c manager --tail=30 | grep -i secret 2026-02-23T21:36:17.297150386Z INFO fenceagentsremediationtemplate-resource Setting SharedSecretName to old default value as the secret exists {"secretName": "fence-agents-credentials-shared"} 2026-02-23T21:37:22.662706903Z INFO fenceagentsremediationtemplate-resource Setting SharedSecretName to old default value as the secret exists {"secretName": "fence-agents-credentials-shared"} 2026-02-23T21:37:22.664960628Z INFO fenceagentsremediation-params collectAllSecretParams start for node {"node": "worker-0-2"} 2026-02-23T21:37:22.66497849Z INFO fenceagentsremediation-params found a value from secret {"secret name": "fence-agents-credentials-shared", "parameter name": "--password"} 2026-02-23T21:37:22.664981323Z INFO fenceagentsremediation-params found a value from secret {"secret name": "fence-agents-credentials-shared", "parameter name": "--username"} 2026-02-23T21:37:22.664995474Z INFO fenceagentsremediation-params found a value from secret {"secret name": "worker-2-cred", "parameter name": "--password"} 2026-02-23T21:37:22.664997942Z INFO fenceagentsremediation-params collectAllSecretParams finish successfully for node {"node": "worker-0-2"} 2026-02-23T21:37:22.66502249Z INFO fenceagentsremediation-params collectAllSecretParams start for node {"node": "worker-0-0"} 2026-02-23T21:37:22.665026869Z INFO fenceagentsremediation-params found a value from secret {"secret name": "fence-agents-credentials-shared", "parameter name": "--password"} 2026-02-23T21:37:22.665029352Z INFO fenceagentsremediation-params found a value from secret {"secret name": "fence-agents-credentials-shared", "parameter name": "--username"} 2026-02-23T21:37:22.665040343Z INFO fenceagentsremediation-params found a value from secret {"secret name": "worker-0-cred", "parameter name": "--password"} 2026-02-23T21:37:22.665043303Z INFO fenceagentsremediation-params collectAllSecretParams finish successfully for node {"node": "worker-0-0"} 2026-02-23T21:37:22.665078334Z INFO fenceagentsremediation-params collectAllSecretParams start for node {"node": "worker-0-1"} 2026-02-23T21:37:22.665084138Z INFO fenceagentsremediation-params found a value from secret {"secret name": "fence-agents-credentials-shared", "parameter name": "--username"} 2026-02-23T21:37:22.665086303Z INFO fenceagentsremediation-params found a value from secret {"secret name": "fence-agents-credentials-shared", "parameter name": "--password"} 2026-02-23T21:37:22.665098687Z INFO fenceagentsremediation-params found a value from secret {"secret name": "worker-1-cred", "parameter name": "--password"} 2026-02-23T21:37:22.665103672Z INFO fenceagentsremediation-params collectAllSecretParams finish successfully for node {"node": "worker-0-1"} [root@cert-rhosp-02 ~]# [root@cert-rhosp-02 ~]# oc delete far rhwa613-s2 -n openshift-workload-availability --ignore-not-found fenceagentsremediation.fence-agents-remediation.medik8s.io "rhwa613-s2" deleted [root@cert-rhosp-02 ~]# oc delete secret fence-agents-credentials-shared -n openshift-workload-availability --ignore-not-found secret "fence-agents-credentials-shared" deleted Case 3: Old default name set, secret missing (operator should remove name from CR, not error) [root@cert-rhosp-02 ~]# oc delete secret fence-agents-credentials-shared -n openshift-workload-availability --ignore-not-found [root@cert-rhosp-02 ~]# [root@cert-rhosp-02 ~]# oc apply -f - <<'YAML' > apiVersion: fence-agents-remediation.medik8s.io/v1alpha1 > kind: FenceAgentsRemediation > metadata: > name: rhwa613-s3 > namespace: openshift-workload-availability > spec: > agent: fence_ipmilan > sharedSecretName: fence-agents-credentials-shared > retrycount: 1 > retryinterval: 5s > timeout: 60s > nodeparameters: > '--ipport': > worker-0-0: '6233' > worker-0-1: '6234' > worker-0-2: '6235' > sharedparameters: > '--action': "off" > '--ip': 192.168.123.1 > '--lanplus': '' > nodeSecretNames: > worker-0-0: worker-0-cred > worker-0-1: worker-1-cred > worker-0-2: worker-2-cred > YAML fenceagentsremediation.fence-agents-remediation.medik8s.io/rhwa613-s3 created [root@cert-rhosp-02 ~]# [root@cert-rhosp-02 ~]# sleep 5 [root@cert-rhosp-02 ~]# oc get far rhwa613-s3 -n openshift-workload-availability -o jsonpath='{.spec.sharedSecretName}' [root@cert-rhosp-02 ~]# oc delete far rhwa613-s3 -n openshift-workload-availability --ignore-not-found fenceagentsremediation.fence-agents-remediation.medik8s.io "rhwa613-s3" deleted Case 4: Custom name set, secret missing (admission webhook must reject) [root@cert-rhosp-02 ~]# oc apply -f - <<'YAML' > apiVersion: fence-agents-remediation.medik8s.io/v1alpha1 > kind: FenceAgentsRemediation > metadata: > name: rhwa613-s4 > namespace: openshift-workload-availability > spec: > agent: fence_ipmilan > sharedSecretName: non-existent-secret > retrycount: 1 > retryinterval: 5s > timeout: 60s > nodeparameters: > '--ipport': > worker-0-0: '6233' > worker-0-1: '6234' > worker-0-2: '6235' > sharedparameters: > '--action': "reboot" > '--ip': 192.168.123.1 > '--lanplus': '' > nodeSecretNames: > worker-0-0: worker-0-cred > worker-0-1: worker-1-cred > worker-0-2: worker-2-cred > YAML Error from server (Forbidden): error when creating "STDIN": admission webhook "vfenceagentsremediation.kb.io" denied the request: secret 'non-existent-secret' not found in namespace 'openshift-workload-availability': Secret "non-existent-secret" not found [root@cert-rhosp-02 ~]# [root@cert-rhosp-02 ~]# oc get far rhwa613-s4 -n openshift-workload-availability -o yaml Error from server (NotFound): fenceagentsremediations.fence-agents-remediation.medik8s.io "rhwa613-s4" not found [root@cert-rhosp-02 ~]# oc logs -n openshift-workload-availability -l app.kubernetes.io/name=fence-agents-remediation-operator -c manager --tail=20 | grep -i secret 2026-02-23T21:37:22.665098687Z INFO fenceagentsremediation-params found a value from secret {"secret name": "worker-1-cred", "parameter name": "--password"} 2026-02-23T21:37:22.665103672Z INFO fenceagentsremediation-params collectAllSecretParams finish successfully for node {"node": "worker-0-1"} 2026-02-23T21:40:21.016123916Z INFO fenceagentsremediationtemplate-resource Removing SharedSecretName old default value as the secret does not exist {"secretName": "fence-agents-credentials-shared"} 2026-02-23T21:40:21.020215123Z INFO fenceagentsremediation-params collectAllSecretParams start for node {"node": "worker-0-0"} 2026-02-23T21:40:21.020233051Z INFO fenceagentsremediation-params found a value from secret {"secret name": "worker-0-cred", "parameter name": "--password"} 2026-02-23T21:40:21.02023598Z INFO fenceagentsremediation-params collectAllSecretParams finish successfully for node {"node": "worker-0-0"} 2026-02-23T21:40:21.02025221Z INFO fenceagentsremediation-params collectAllSecretParams start for node {"node": "worker-0-1"} 2026-02-23T21:40:21.020258493Z INFO fenceagentsremediation-params found a value from secret {"secret name": "worker-1-cred", "parameter name": "--password"} 2026-02-23T21:40:21.020261249Z INFO fenceagentsremediation-params collectAllSecretParams finish successfully for node {"node": "worker-0-1"} 2026-02-23T21:40:21.020277972Z INFO fenceagentsremediation-params collectAllSecretParams start for node {"node": "worker-0-2"} 2026-02-23T21:40:21.020282858Z INFO fenceagentsremediation-params found a value from secret {"secret name": "worker-2-cred", "parameter name": "--password"} 2026-02-23T21:40:21.020285404Z INFO fenceagentsremediation-params collectAllSecretParams finish successfully for node {"node": "worker-0-2"} [root@cert-rhosp-02 ~]# [root@cert-rhosp-02 ~]# oc delete far rhwa613-s4 -n openshift-workload-availability --ignore-not-found Case 5 with plane text: [root@cert-rhosp-02 ~]# oc apply -f - <<'YAML' > apiVersion: fence-agents-remediation.medik8s.io/v1alpha1 > kind: FenceAgentsRemediation > metadata: > name: worker-0-2 > namespace: openshift-workload-availability > spec: > agent: fence_ipmilan > retrycount: 5 > retryinterval: 10s > timeout: 300s > nodeparameters: > '--ipport': > master-0-0: '6230' > master-0-1: '6231' > master-0-2: '6232' > worker-0-0: '6233' > worker-0-1: '6234' > worker-0-2: '6235' > sharedparameters: > '--action': "reboot" > '--ip': 192.168.123.1 > '--lanplus': '' > '--password': password > '--username': admin > YAML fenceagentsremediation.fence-agents-remediation.medik8s.io/worker-0-2 created [root@cert-rhosp-02 ~]# oc get far worker-0-2 -n openshift-workload-availability -o jsonpath='{.spec.sharedSecretName}'