1844057 – [CNV-2.4] cluster-network-addons-operator failing to start

Bug 1844057 - [CNV-2.4] cluster-network-addons-operator failing to start

Summary: [CNV-2.4] cluster-network-addons-operator failing to start

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Container Native Virtualization (CNV)
Classification:	Red Hat
Component:	Networking
Sub Component:
Version:	2.4.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	urgent
Severity:	urgent
Target Milestone:	---
Target Release:	2.4.0
Assignee:	Petr Horáček
QA Contact:	Meni Yakove
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1845899
TreeView+	depends on / blocked

Reported:	2020-06-04 14:59 UTC by Lukas Bednar
Modified:	2020-07-28 19:10 UTC (History)
CC List:	3 users (show)
Fixed In Version:	cluster-network-addons-operator-container-v2.4.0-26
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Clones:	1845899 (view as bug list)
Environment:
Last Closed:	2020-07-28 19:10:31 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	kubevirt cluster-network-addons-operator pull 415	0	None	closed	allow listing of all SCC	2020-06-10 11:42:13 UTC
Red Hat Product Errata	RHSA-2020:3194	0	None	None	None	2020-07-28 19:10:43 UTC

Description Lukas Bednar 2020-06-04 14:59:44 UTC

Description of problem:

[cloud-user@ocp-psi-executor ~]$ oc logs -n openshift-cnv cluster-network-addons-operator-6cbcb8656c-6gqcg
2020/06/04 14:54:58 Go Version: go1.13.4
2020/06/04 14:54:58 Go OS/Arch: linux/amd64
2020/06/04 14:54:58 version of operator-sdk: v0.18.0
2020/06/04 14:54:58 version of cluster-network-addons-operator: sha256_c5f9c4a8590a443a82a06785364f6eccbbc72924cf8056a9d9584c45
I0604 14:54:59.357842       1 request.go:621] Throttling request took 1.027603785s, request: GET:https://172.30.0.1:443/api/v1?timeout=32s
2020/06/04 14:55:04 registering Components
2020/06/04 14:55:04 Running on OpenShift 4
2020/06/04 14:55:04 failed setting up operator controllers: failed to check for availability of SCC: securitycontextconstraints.security.openshift.io is forbidden: User "system:serviceaccount:openshift-cnv:cluster-network-addons-operator" cannot list resource "securitycontextconstraints" in API group "security.openshift.io" at the cluster scope



Version-Release number of selected component (if applicable):
OCP-4.5
HCO-v2.3.0-282


How reproducible: 100


Steps to Reproduce:
1. Deploy CNV
2.
3.

Actual results: cluster-network-addons-operator failing to start


Expected results: cnv deployed


Additional info:

Comment 1 Simone Tiraboschi 2020-06-04 15:27:11 UTC

I tend to think it's a sife effect of https://github.com/kubevirt/cluster-network-addons-operator/pull/413

Comment 2 Nelly Credi 2020-06-04 15:33:06 UTC

i see this was merged 2 days ago
and Lukas sees it in the latest build.
why isn't this fix part of the latest build?

Comment 6 Petr Horáček 2020-06-04 17:21:24 UTC

We have an explicit rule for SCC here https://github.com/RamLavi/cluster-network-addons-operator/blob/19291e695e6a293ed395bf42ab23aaaa91e68162/pkg/components/components.go#L268. But maybe it fails due to the `ResourceNames` selector. Will post a fix ASAP.

Comment 8 Petr Horáček 2020-06-04 19:03:27 UTC

It should be fixed in the next build. Sorry about the issue, we had false positives on our U/S CI.

Comment 9 Lukas Bednar 2020-06-08 09:07:27 UTC

working in HCO v2.3.0-291

cluster-network-addons-operator-6664f6764f-k29l7      1/1     Running   0          13h

Comment 12 errata-xmlrpc 2020-07-28 19:10:31 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:3194

Note You need to log in before you can comment on or make changes to this bug.