Bug 1823272
| Summary: | ComplianceSuite CR removes all scan pods once the scan completes | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | xiyuan |
| Component: | Compliance Operator | Assignee: | Jakub Hrozek <jhrozek> |
| Status: | CLOSED ERRATA | QA Contact: | xiyuan |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 4.5 | CC: | josorior, mrogers, nkinder, pdhamdhe |
| Target Milestone: | --- | ||
| Target Release: | 4.6.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | v0.1.10 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-10-27 15:57:47 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
xiyuan
2020-04-13 05:37:21 UTC
Fixed upstream in https://github.com/openshift/compliance-operator/commit/a7bbfb06fb02859c25b6ebf062054722946c19f3 Verification pass with 4.6.0-0.nightly-2020-07-22-031913 and compliance operator v0.1.11
All pod for the scans in the compliancesuite won't be removed once the scan completed, no matter debug is true of false.
$ oc get clusterversion
NAME VERSION AVAILABLE PROGRESSING SINCE STATUS
version 4.6.0-0.nightly-2020-07-22-031913 True False 3h50m Cluster version is 4.6.0-0.nightly-2020-07-22-031913
$ oc create -f -<<EOF
apiVersion: compliance.openshift.io/v1alpha1
kind: ComplianceSuite
metadata:
name: example-compliancesuite
spec:
autoApplyRemediations: false
schedule: "0 1 * * *"
scans:
- name: workers-scan
profile: xccdf_org.ssgproject.content_profile_moderate
content: ssg-rhcos4-ds.xml
contentImage: quay.io/complianceascode/ocp4:latest
nodeSelector:
node-role.kubernetes.io/worker: ""
EOF
$ oc get pod
apiVersion: compliance.openshift.io/v1alpha1
kind: ComplianceSuite
metadata:
name: example-compliancesuite2
spec:
autoApplyRemediations: false
schedule: "0 1 * * *"
scans:
- name: master-scan
profile: xccdf_org.ssgproject.content_profile_moderate
content: ssg-rhcos4-ds.xml
contentImage: quay.io/complianceascode/ocp4:latest
nodeSelector:
node-role.kubernetes.io/worker: ""
debug: true
EOF
$ oc get pod
NAME READY STATUS RESTARTS AGE
aggregator-pod-master-scan 0/1 Completed 0 15m
aggregator-pod-workers-scan 0/1 Completed 0 30m
compliance-operator-6bcbf66d5b-c89h8 1/1 Running 0 44m
compliance-operator-6bcbf66d5b-d9wtn 1/1 Running 0 44m
compliance-operator-6bcbf66d5b-rfptv 1/1 Running 0 44m
master-scan-ip-10-0-155-171.us-east-2.compute.internal-pod 0/2 Completed 0 17m
master-scan-ip-10-0-187-194.us-east-2.compute.internal-pod 0/2 Completed 0 17m
master-scan-ip-10-0-209-18.us-east-2.compute.internal-pod 0/2 Completed 0 17m
ocp4-pp-59466846fd-t5q9h 1/1 Running 0 43m
rhcos4-pp-6845f5dcd-hh52x 1/1 Running 0 43m
workers-scan-ip-10-0-155-171.us-east-2.compute.internal-pod 0/2 Completed 0 33m
workers-scan-ip-10-0-187-194.us-east-2.compute.internal-pod 0/2 Completed 0 33m
workers-scan-ip-10-0-209-18.us-east-2.compute.internal-pod 0/2 Completed 0 33m
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4196 |