Bug 2082099
Summary: | The seccompprofile could not reach “installed” status due to length limitation when trying to create finalizer | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | xiyuan |
Component: | Security Profiles Operator | Assignee: | Vincent Shen <wenshen> |
Status: | CLOSED ERRATA | QA Contact: | xiyuan |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 4.11 | CC: | davegord, jhrozek, lbragsta, wenshen |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2023-01-18 11:36:58 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
xiyuan
2022-05-05 11:54:17 UTC
Reviewed, legit bug. Verification pass with 4.13.0-0.nightly-2022-12-20-174734 + security-profiles-operator-bundle-container-0.5.0-62 $ oc get all NAME READY STATUS RESTARTS AGE pod/security-profiles-operator-6587778674-4b9wl 1/1 Running 0 3m4s pod/security-profiles-operator-6587778674-4bbpl 1/1 Running 0 3m4s pod/security-profiles-operator-6587778674-t8rbn 1/1 Running 0 3m4s pod/security-profiles-operator-webhook-5878c5bc9b-4xnsl 1/1 Running 0 2m56s pod/security-profiles-operator-webhook-5878c5bc9b-m9kgb 1/1 Running 0 2m56s pod/security-profiles-operator-webhook-5878c5bc9b-zcxmq 1/1 Running 0 2m56s pod/spod-8vxlw 4/4 Running 0 2m56s pod/spod-bhxxp 4/4 Running 0 2m56s pod/spod-ht5mp 4/4 Running 0 2m56s pod/spod-xmzrt 4/4 Running 0 2m56s pod/spod-zch5k 4/4 Running 0 2m56s pod/spod-zxbxr 4/4 Running 0 2m56s NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/metrics ClusterIP 172.30.160.27 <none> 443/TCP 2m57s service/webhook-service ClusterIP 172.30.116.102 <none> 443/TCP 2m57s NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE daemonset.apps/spod 6 6 6 6 6 kubernetes.io/os=linux 2m57s NAME READY UP-TO-DATE AVAILABLE AGE deployment.apps/security-profiles-operator 3/3 3 3 3m5s deployment.apps/security-profiles-operator-webhook 3/3 3 3 2m57s NAME DESIRED CURRENT READY AGE replicaset.apps/security-profiles-operator-6587778674 3 3 3 3m6s replicaset.apps/security-profiles-operator-webhook-5878c5bc9b 3 3 3 2m58s $ oc get node --no-headers | awk '{print $1}' > node_name.txt $ cat node_name.txt xiyuan-1221c-g2cst-master-0.c.openshift-qe.internal xiyuan-1221c-g2cst-master-1.c.openshift-qe.internal xiyuan-1221c-g2cst-master-2.c.openshift-qe.internal xiyuan-1221c-g2cst-worker-a-kljxp.c.openshift-qe.internal xiyuan-1221c-g2cst-worker-b-csp5b.c.openshift-qe.internal xiyuan-1221c-g2cst-worker-c-87j47.c.openshift-qe.internal $ awk -F "" '{print NF}' node_name.txt 51 51 51 57 57 57 $ oc get sp NAME STATUS AGE log-enricher-trace Installed 12m nginx-1.19.1 Installed 12m #############When the node name > 55(limit 63-len(-deleted)), the finalizer will not show the full node name: $ oc get sp log-enricher-trace -o=jsonpath={.metadata.finalizers} | jq -r [ "xiyuan-1221c-g2cst-worker-b-csp5b.c.openshift-qe.intern-deleted", "xiyuan-1221c-g2cst-worker-a-kljxp.c.openshift-qe.intern-deleted", "xiyuan-1221c-g2cst-master-1.c.openshift-qe.internal-deleted", "xiyuan-1221c-g2cst-worker-c-87j47.c.openshift-qe.intern-deleted", "xiyuan-1221c-g2cst-master-0.c.openshift-qe.internal-deleted", "xiyuan-1221c-g2cst-master-2.c.openshift-qe.internal-deleted" ] $ oc get sp nginx-1.19.1 -o=jsonpath={.metadata.finalizers} | jq -r [ "xiyuan-1221c-g2cst-worker-b-csp5b.c.openshift-qe.intern-deleted", "xiyuan-1221c-g2cst-worker-a-kljxp.c.openshift-qe.intern-deleted", "xiyuan-1221c-g2cst-master-1.c.openshift-qe.internal-deleted", "xiyuan-1221c-g2cst-worker-c-87j47.c.openshift-qe.intern-deleted", "xiyuan-1221c-g2cst-master-0.c.openshift-qe.internal-deleted", "xiyuan-1221c-g2cst-master-2.c.openshift-qe.internal-deleted" ] Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Security Profiles Operator release), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:8762 |