Bug 1867030
Summary: | [OCP v46] The Compliance-Operator api-checks pod goes in CrashLoopBackOff during the Platform scan | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Prashant Dhamdhere <pdhamdhe> |
Component: | Compliance Operator | Assignee: | Juan Antonio Osorio <josorior> |
Status: | CLOSED ERRATA | QA Contact: | Prashant Dhamdhere <pdhamdhe> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 4.6 | CC: | jhrozek, josorior, mrogers, nkinder, xiyuan |
Target Milestone: | --- | ||
Target Release: | 4.6.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-10-27 16:25:54 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Prashant Dhamdhere
2020-08-07 08:14:17 UTC
Merged with https://github.com/openshift/compliance-operator/commit/1a7989f871413a33c608ec0f9bc5a04f33edc1d4 The Compliance-Operator api-checks pod status looks good now. Verified on: OCP 4.6.0-0.nightly-2020-08-27-005538 compliance-operator.v0.1.13 $ oc get pods/platform-scan-api-checks-pod NAME READY STATUS RESTARTS AGE platform-scan-api-checks-pod 0/2 Completed 0 55s $ oc get profile.compliance/ocp4-cis NAME AGE ocp4-cis 7m6s $ oc describe pod platform-scan-api-checks-pod|grep -A15 "api-resource-collector" /var/run/secrets/kubernetes.io/serviceaccount from api-resource-collector-token-qjjrz (ro) api-resource-collector: Container ID: cri-o://fb595ce7f02b7b0a7aeb674894ae1f434d5ccadc4425c425aa2bb2ced94cfc1c Image: quay.io/compliance-operator/compliance-operator:latest Image ID: quay.io/compliance-operator/compliance-operator@sha256:268cb1032080e63e462fe2c216140c9b5b3ae9ba46de1d67da0b695cbe4e0782 Port: <none> Host Port: <none> Command: compliance-operator api-resource-collector --content=/content/ssg-ocp4-ds.xml --resultdir=/kubernetes-api-resources --profile=xccdf_org.ssgproject.content_profile_cis --debug State: Terminated <<----- Reason: Completed <<----- Exit Code: 0 Started: Thu, 27 Aug 2020 10:14:24 +0530 Finished: Thu, 27 Aug 2020 10:14:25 +0530 Ready: True Restart Count: 0 Environment: <none> $ oc logs pod/platform-scan-api-checks-pod -c api-resource-collector|tail debug: Couldn't find 'warning' child of check xccdf_org.ssgproject.content_rule_scc_limit_network_namespace debug: Couldn't find 'warning' child of check xccdf_org.ssgproject.content_rule_scc_limit_privilege_escalation debug: Couldn't find 'warning' child of check xccdf_org.ssgproject.content_rule_scc_limit_privileged_containers debug: Couldn't find 'warning' child of check xccdf_org.ssgproject.content_rule_scc_limit_process_id_namespace debug: Couldn't find 'warning' child of check xccdf_org.ssgproject.content_rule_scc_limit_root_containers debug: Couldn't find 'warning' child of check xccdf_org.ssgproject.content_rule_scheduler_profiling_argument debug: Couldn't find 'warning' child of check xccdf_org.ssgproject.content_rule_secrets_no_environment_variables no valid checks found in datastream <<----- Fetching URI: '/apis/config.openshift.io/v1/clusteroperators/openshift-apiserver' Saving fetched resource to: '/kubernetes-api-resources/apis/config.openshift.io/v1/clusteroperators/openshift-apiserver' $ oc get pods NAME READY STATUS RESTARTS AGE aggregator-pod-platform-scan 0/1 Completed 0 4m46s <<----- compliance-operator-869646dd4f-5vq7z 1/1 Running 0 12m ocp4-pp-7f89f556cc-zzmkj 1/1 Running 0 11m platform-scan-api-checks-pod 0/2 Completed 0 5m16s <<----- rhcos4-pp-7c44999587-bckrn 1/1 Running 0 11m $ oc get compliancesuite NAME PHASE RESULT example-compliancesuite DONE NON-COMPLIANT Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4196 |