Bug 2155740

Summary: [4.11] Importer pod is failing to start with error "MountVolume.SetUp failed for volume "cdi-proxy-cert-vol" : configmap "custom-ca" not found"
Product: Container Native Virtualization (CNV) Reporter: Arnon Gilboa <agilboa>
Component: Storage Assignee: Arnon Gilboa <agilboa>
Status: CLOSED ERRATA QA Contact: Yan Du <yadu>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 4.10.3 CC: alitke
Target Milestone: ---   
Target Release: 4.11.3   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: v4.11.3-7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-02-07 15:16:28 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2116644    
Bug Blocks:    

Description Arnon Gilboa 2022-12-22 07:04:53 UTC
This bug was initially created as a copy of Bug #2116644

I am copying this bug because: 



Description of problem:

The cluster is having cluster proxy configured as below:

~~~
apiVersion: v1
items:
- apiVersion: config.openshift.io/v1
  kind: Proxy
....
....
  spec:
    trustedCA:
      name: custom-ca <<<
~~~

However, the custom-ca was only created in openshift-config namespace by following https://docs.openshift.com/container-platform/4.10/networking/enable-cluster-wide-proxy.html.

However, while importing the disk, the importer pod is in ContainerCreating status and we have the below events:

~~~
12m         Warning   FailedMount                   pod/importer-rhel7-sophisticated-parrotfish            MountVolume.SetUp failed for volume "cdi-proxy-cert-vol" : configmap "custom-ca" not found
~~~

This is because the custom-ca is not available in the namespace where we are importing the disk. The user has to manually copy the ConfigMap custom-ca to the namespace for the import to work. 

Version-Release number of selected component (if applicable):

OpenShift Virtualization   4.10.3

How reproducible:

100 %

Steps to Reproduce:

1. Add spec.trustedCA in the cluster-wide proxy configuration.
2. Create the ConfigMap that contains CA certificates in openshift-config namespace.
3. Try to import an image in a namespace other than openshift-config. The importer pod will be stuck in `ContainerCreating` status.

Actual results:

Importer pod is failing to start with error "MountVolume.SetUp failed for volume "cdi-proxy-cert-vol" : configmap "custom-ca" not found"

Expected results:

Since the error is creating confusion, it would be ideal if the ConfigMap is automatically copied to the namespace where the user is trying to import the VM/disk. If not, I think we should mention this in the documentation to copy the ConfigMap manually.

Additional info:
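
An added example (not part of the original report and not CDI code) for the manual workaround described above: it picks the missing ConfigMap out of event lines like the one quoted, and rewrites the `openshift-config` copy into a manifest for the import namespace. The file name `copy_cm.py`, the function names and the second sample event line are assumptions.

```python
import json
import re
import sys

# kubelet FailedMount message, in the form quoted in this bug report.
MISSING_CM = re.compile(
    r'(?P<pod>pod/\S+)\s+MountVolume\.SetUp failed for volume '
    r'"(?P<volume>[^"]+)" : configmap "(?P<configmap>[^"]+)" not found')

# Sample `oc get events` text: first line is from the report, second is constructed.
SAMPLE_EVENTS = '''\
12m   Warning   FailedMount   pod/importer-rhel7-sophisticated-parrotfish   MountVolume.SetUp failed for volume "cdi-proxy-cert-vol" : configmap "custom-ca" not found
11m   Normal    Scheduled     pod/importer-rhel7-sophisticated-parrotfish   Successfully assigned (constructed line)
'''


def missing_configmaps(events_text):
    """Return sorted unique (pod, volume, configmap) for mounts blocked by a missing ConfigMap."""
    return sorted({(m["pod"], m["volume"], m["configmap"])
                   for m in MISSING_CM.finditer(events_text)})


def retarget_configmap(source, namespace):
    """Build a manifest for `namespace` from a ConfigMap fetched as JSON.

    Only name and payload are kept; server-populated metadata (uid,
    resourceVersion, creationTimestamp, ownerReferences, managedFields)
    and labels/annotations are dropped so the copy applies cleanly.
    """
    if source.get("kind") != "ConfigMap":
        raise ValueError("expected a ConfigMap, got %r" % source.get("kind"))
    out = {"apiVersion": "v1", "kind": "ConfigMap",
           "metadata": {"name": source["metadata"]["name"], "namespace": namespace}}
    for field in ("data", "binaryData"):
        if source.get(field):
            out[field] = dict(source[field])
    return out


if __name__ == "__main__":
    # Assumed usage:
    #   oc get configmap custom-ca -n openshift-config -o json \
    #     | python3 copy_cm.py <target-namespace> | oc apply -f -
    if len(sys.argv) != 2:
        sys.exit("usage: copy_cm.py <target-namespace> < configmap.json")
    json.dump(retarget_configmap(json.load(sys.stdin), sys.argv[1]), sys.stdout, indent=2)
```

A copy made this way is a snapshot: it does not follow later changes to the CA bundle in `openshift-config`, so it has to be re-applied when that ConfigMap is updated.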

Comment 1 Yan Du 2023-01-18 09:42:35 UTC
Tested on CNV-v4.11.3-8; import succeeds when proxy is set.

~~~
$ oc get dv fedora36 
NAME       PHASE       PROGRESS   RESTARTS   AGE
fedora36   Succeeded   100.0%                2m3s
$ oc get pvc fedora36 
NAME       STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS         AGE
fedora36   Bound    pvc-bcb25925-77da-4e8f-b6df-3618cf22438f   149Gi      RWO            hostpath-csi-basic   112s
~~~

Comment 7 errata-xmlrpc 2023-02-07 15:16:28 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Virtualization 4.11.3 Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2023:0621