Description of problem:
The ComplianceRemediation reports "invalid spec.machineConfigContents.spec.kernelType: Required value" error while deploying cr

$ oc create -f compliance-operator/deploy/crds/compliance.openshift.io_v1alpha1_complianceremediation_cr.yaml
The ComplianceRemediation "example-remediation-worker-no-direct-root-login" is invalid: spec.machineConfigContents.spec.kernelType: Required value

Version-Release number of selected component (if applicable):
4.5.0-0.nightly-2020-03-17-225152

How reproducible:
Always

Steps to Reproduce:
1. $ git clone https://github.com/openshift/compliance-operator.git
2. $ oc create -f compliance-operator/deploy/ns.yaml
3. $ oc project openshift-compliance
4. $ for f in $(ls -1 compliance-operator/deploy/crds/*crd.yaml); do oc create -f $f; done
5. $ oc create -f compliance-operator/deploy/
6. $ oc create -f compliance-operator/deploy/crds/compliance.openshift.io_v1alpha1_complianceremediation_cr.yaml

Actual results:
The ComplianceRemediation reports "invalid spec.machineConfigContents.spec.kernelType: Required value" error while deploying cr

Expected results:
The ComplianceRemediation cr should deploy without an error message

Additional info:
This was fixed upstream in https://github.com/openshift/compliance-operator/commit/5785880f276401fd2fb010a504df71d070a6c0cf
Sorry, more context: This was fixed upstream by removing the example CR. The ComplianceRemediation CR was not intended to be used directly, but only generated by the operator instead.
Verified on latest compliance-operator.v0.1.11

$ grep "name:\|version:" compliance-operator/deploy/olm-catalog/compliance-operator/0.1.11/compliance-operator.v0.1.11.clusterserviceversion.yaml |awk 'NR==1; END{print}'
name: compliance-operator.v0.1.11
version: 0.1.11

The complianceremediation CR should only be generated by the operator and is not supposed to be used by users. So it does not exist in the latest compliance-operator version.

$ (ls -1 compliance-operator/deploy/crds/*cr.yaml)
compliance-operator/deploy/crds/compliance.openshift.io_v1alpha1_compliancescan_cr.yaml
compliance-operator/deploy/crds/compliance.openshift.io_v1alpha1_compliancesuite_cr.yaml
compliance-operator/deploy/crds/compliance.openshift.io_v1alpha1_profilebundle_cr.yaml
compliance-operator/deploy/crds/compliance.openshift.io_v1alpha1_scansettingbinding_cr.yaml
compliance-operator/deploy/crds/compliance.openshift.io_v1alpha1_scansetting_cr.yaml
compliance-operator/deploy/crds/compliance.openshift.io_v1alpha1_tailoredprofile_cr.yaml

In the latest version, the complianceremediation is generated by compliance-operator instead of users.

$ oc version
Client Version: 4.4.0-rc.9
Server Version: 4.6.0-0.nightly-2020-07-25-091217
Kubernetes Version: v4.6.0-202007250017.p0-dirty

$ oc get complianceremediations workers-scan-audit-rules-dac-modification-chmod -o yaml |head
apiVersion: compliance.openshift.io/v1alpha1
kind: ComplianceRemediation
metadata:
  creationTimestamp: "2020-07-27T06:54:35Z"
  generation: 1
  labels:
    compliance.openshift.io/suite: example-compliancesuite
    complianceoperator.openshift.io/scan: workers-scan
    machineconfiguration.openshift.io/role: worker
  managedFields:
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4196