1845477 – [SSP] Template validator fails to "Extract the CA bundle"; template validator is not called when a VM is created

Bug 1845477 - [SSP] Template validator fails to "Extract the CA bundle"; template validator is not called when a VM is created

Summary: [SSP] Template validator fails to "Extract the CA bundle"; template validator...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Container Native Virtualization (CNV)
Classification:	Red Hat
Component:	SSP
Sub Component:
Version:	2.4.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	2.4.0
Assignee:	Karel Šimon
QA Contact:	Israel Pinto
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-06-09 10:48 UTC by Ruth Netser
Modified:	2020-07-28 19:10 UTC (History)
CC List:	1 user (show)
Fixed In Version:	kubevirt-ssp-operator-container-v2.4.0-48
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-07-28 19:10:31 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2020:3194	0	None	None	None	2020-07-28 19:10:43 UTC

Description Ruth Netser 2020-06-09 10:48:50 UTC

Description of problem:
Teplate validator fails to extract CA bundle; The template validaotr pods are runnign but when a VM is created from template, the template validator is not called. 
A VM with a spec that does not compy with the template can be created.

Version-Release number of selected component (if applicable):
$ oc get kv -n openshift-cnv -o yaml | grep operatorVersion
    operatorVersion: v0.30.0
kubevirt-ssp-operator-container-v2.4.0-47

How reproducible:
100%

Steps to Reproduce:
1. Create a DV
2. Create a VM which uses Windows template and has requested memory < memory validation (yaml below) 


Actual results:
VM creation succeeds 

Expected results:
VM creation should fail; requested memory violates the template validation rule

Additional info:
=============================================
$ cat win.yaml
apiVersion: v1
items:
- apiVersion: kubevirt.io/v1alpha3
  kind: VirtualMachine
  metadata:
    labels:
      app: test8
      vm.kubevirt.io/template: windows-server-medium-v0.7.0
      vm.kubevirt.io/template.namespace: openshift
      vm.kubevirt.io/template.revision: "1"
      vm.kubevirt.io/template.version: v0.11.0
    name: test8
  spec:
    running: false
    template:
      metadata:
        labels:
          kubevirt.io/domain: test8
          kubevirt.io/size: medium
      spec:
        domain:
          clock:
            timer:
              hpet:
                present: false
              hyperv: {}
              pit:
                tickPolicy: delay
              rtc:
                tickPolicy: catchup
            utc: {}
          cpu:
            cores: 1
            sockets: 1
            threads: 1
          devices:
            disks:
            - disk:
                bus: sata
              name: rootdisk
            interfaces:
            - masquerade: {}
              model: e1000e
              name: default
          features:
            acpi: {}
            apic: {}
            hyperv:
              relaxed: {}
              spinlocks:
                spinlocks: 8191
              vapic: {}
          machine:
            type: pc-q35-rhel8.1.0
          resources:
            requests:
              memory: 500M
        evictionStrategy: LiveMigrate
        networks:
        - name: default
          pod: {}
        terminationGracePeriodSeconds: 0
        volumes:
        - name: rootdisk
          persistentVolumeClaim:
            claimName: win-16-2
kind: List
metadata: {}


=============================================
$ oc logs -n openshift-cnv kubevirt-ssp-operator-5546689964-pfqwz
....
....
{"level":"info","ts":1591694141.560241,"logger":"logging_event_handler","msg":"[playbook task]","name":"template-validator-kubevirt-hyperconverged","namespace":"openshift-cnv","gvk":"ssp.kubevirt.io/v1, Kind=KubevirtTemplateValidator","event_type":"playbook_on_task_start","job":"894385949183117216","EventData.Name":"Gathering Facts"}
{"level":"info","ts":1591694141.5861125,"logger":"logging_event_handler","msg":"[playbook task]","name":"common-templates-kubevirt-hyperconverged","namespace":"openshift","gvk":"ssp.kubevirt.io/v1, Kind=KubevirtCommonTemplatesBundle","event_type":"playbook_on_task_start","job":"2775422040480279449","EventData.Name":"Gathering Facts"}
{"level":"info","ts":1591694141.6107697,"logger":"logging_event_handler","msg":"[playbook task]","name":"node-labeller-kubevirt-hyperconverged","namespace":"openshift-cnv","gvk":"ssp.kubevirt.io/v1, Kind=KubevirtNodeLabellerBundle","event_type":"playbook_on_task_start","job":"4751997750760398084","EventData.Name":"Gathering Facts"}
{"level":"info","ts":1591694147.586814,"logger":"logging_event_handler","msg":"[playbook task]","name":"metrics-aggregation-kubevirt-hyperconverged","namespace":"openshift-cnv","gvk":"ssp.kubevirt.io/v1, Kind=KubevirtMetricsAggregation","event_type":"playbook_on_task_start","job":"7504504064263669287","EventData.Name":"KubevirtMetricsAggregation : Install VMI count aggregation rule"}
{"level":"info","ts":1591694151.1020195,"logger":"proxy","msg":"Watching child resource","kind":"monitoring.coreos.com/v1, Kind=PrometheusRule","enqueue_kind":"ssp.kubevirt.io/v1, Kind=KubevirtMetricsAggregation"}
{"level":"info","ts":1591694151.1021483,"logger":"controller-runtime.controller","msg":"Starting EventSource","controller":"kubevirtmetricsaggregation-controller","source":"kind source: monitoring.coreos.com/v1, Kind=PrometheusRule"}
{"level":"info","ts":1591694151.7088387,"logger":"runner","msg":"Ansible-runner exited successfully","job":"7504504064263669287","name":"metrics-aggregation-kubevirt-hyperconverged","namespace":"openshift-cnv"}
{"level":"info","ts":1591694152.4026933,"logger":"logging_event_handler","msg":"[playbook debug]","name":"template-validator-kubevirt-hyperconverged","namespace":"openshift-cnv","gvk":"ssp.kubevirt.io/v1, Kind=KubevirtTemplateValidator","event_type":"runner_on_ok","job":"894385949183117216","EventData.TaskArgs":""}
{"level":"info","ts":1591694152.4135633,"logger":"logging_event_handler","msg":"[playbook debug]","name":"node-labeller-kubevirt-hyperconverged","namespace":"openshift-cnv","gvk":"ssp.kubevirt.io/v1, Kind=KubevirtNodeLabellerBundle","event_type":"runner_on_ok","job":"4751997750760398084","EventData.TaskArgs":""}
{"level":"info","ts":1591694152.4394464,"logger":"logging_event_handler","msg":"[playbook task]","name":"node-labeller-kubevirt-hyperconverged","namespace":"openshift-cnv","gvk":"ssp.kubevirt.io/v1, Kind=KubevirtNodeLabellerBundle","event_type":"playbook_on_task_start","job":"4751997750760398084","EventData.Name":"KubevirtNodeLabeller : Create the node labeller roles"}
{"level":"info","ts":1591694152.4448285,"logger":"logging_event_handler","msg":"[playbook task]","name":"template-validator-kubevirt-hyperconverged","namespace":"openshift-cnv","gvk":"ssp.kubevirt.io/v1, Kind=KubevirtTemplateValidator","event_type":"playbook_on_task_start","job":"894385949183117216","EventData.Name":"KubevirtTemplateValidator : Set template:view role"}
{"level":"info","ts":1591694152.6050363,"logger":"logging_event_handler","msg":"[playbook debug]","name":"common-templates-kubevirt-hyperconverged","namespace":"openshift","gvk":"ssp.kubevirt.io/v1, Kind=KubevirtCommonTemplatesBundle","event_type":"runner_on_ok","job":"2775422040480279449","EventData.TaskArgs":""}
{"level":"info","ts":1591694152.6486146,"logger":"logging_event_handler","msg":"[playbook task]","name":"common-templates-kubevirt-hyperconverged","namespace":"openshift","gvk":"ssp.kubevirt.io/v1, Kind=KubevirtCommonTemplatesBundle","event_type":"playbook_on_task_start","job":"2775422040480279449","EventData.Name":"KubevirtCommonTemplatesBundle : Install VM templates"}
{"level":"info","ts":1591694155.1926355,"logger":"proxy","msg":"Watching child resource","kind":"/v1, Kind=ServiceAccount","enqueue_kind":"ssp.kubevirt.io/v1, Kind=KubevirtNodeLabellerBundle"}
{"level":"info","ts":1591694155.192726,"logger":"controller-runtime.controller","msg":"Starting EventSource","controller":"kubevirtnodelabellerbundle-controller","source":"kind source: /v1, Kind=ServiceAccount"}
{"level":"info","ts":1591694155.5995336,"logger":"logging_event_handler","msg":"[playbook task]","name":"template-validator-kubevirt-hyperconverged","namespace":"openshift-cnv","gvk":"ssp.kubevirt.io/v1, Kind=KubevirtTemplateValidator","event_type":"playbook_on_task_start","job":"894385949183117216","EventData.Name":"KubevirtTemplateValidator : Create the service"}
{"level":"info","ts":1591694156.4588916,"logger":"logging_event_handler","msg":"[playbook task]","name":"metrics-aggregation-kubevirt-hyperconverged","namespace":"openshift-cnv","gvk":"ssp.kubevirt.io/v1, Kind=KubevirtMetricsAggregation","event_type":"playbook_on_task_start","job":"3510942875414458836","EventData.Name":"KubevirtMetricsAggregation : Install VMI count aggregation rule"}
{"level":"info","ts":1591694156.576744,"logger":"proxy","msg":"Watching child resource","kind":"template.openshift.io/v1, Kind=Template","enqueue_kind":"ssp.kubevirt.io/v1, Kind=KubevirtCommonTemplatesBundle"}
{"level":"info","ts":1591694156.5768192,"logger":"controller-runtime.controller","msg":"Starting EventSource","controller":"kubevirtcommontemplatesbundle-controller","source":"kind source: template.openshift.io/v1, Kind=Template"}
{"level":"info","ts":1591694158.8012443,"logger":"proxy","msg":"Watching child resource","kind":"/v1, Kind=ServiceAccount","enqueue_kind":"ssp.kubevirt.io/v1, Kind=KubevirtTemplateValidator"}
{"level":"info","ts":1591694158.8013096,"logger":"controller-runtime.controller","msg":"Starting EventSource","controller":"kubevirttemplatevalidator-controller","source":"kind source: /v1, Kind=ServiceAccount"}
{"level":"info","ts":1591694159.7835338,"logger":"runner","msg":"Ansible-runner exited successfully","job":"3510942875414458836","name":"metrics-aggregation-kubevirt-hyperconverged","namespace":"openshift-cnv"}
{"level":"info","ts":1591694161.938563,"logger":"proxy","msg":"Watching child resource","kind":"/v1, Kind=ConfigMap","enqueue_kind":"ssp.kubevirt.io/v1, Kind=KubevirtNodeLabellerBundle"}
{"level":"info","ts":1591694161.9386113,"logger":"controller-runtime.controller","msg":"Starting EventSource","controller":"kubevirtnodelabellerbundle-controller","source":"kind source: /v1, Kind=ConfigMap"}
{"level":"info","ts":1591694162.235562,"logger":"proxy","msg":"Watching child resource","kind":"/v1, Kind=Service","enqueue_kind":"ssp.kubevirt.io/v1, Kind=KubevirtTemplateValidator"}
{"level":"info","ts":1591694162.235682,"logger":"controller-runtime.controller","msg":"Starting EventSource","controller":"kubevirttemplatevalidator-controller","source":"kind source: /v1, Kind=Service"}
{"level":"info","ts":1591694162.297037,"logger":"logging_event_handler","msg":"[playbook task]","name":"node-labeller-kubevirt-hyperconverged","namespace":"openshift-cnv","gvk":"ssp.kubevirt.io/v1, Kind=KubevirtNodeLabellerBundle","event_type":"playbook_on_task_start","job":"4751997750760398084","EventData.Name":"KubevirtNodeLabeller : Create the node labeller daemon set"}
{"level":"info","ts":1591694164.2886379,"logger":"proxy","msg":"Watching child resource","kind":"apps/v1, Kind=Deployment","enqueue_kind":"ssp.kubevirt.io/v1, Kind=KubevirtTemplateValidator"}
{"level":"info","ts":1591694164.2888806,"logger":"controller-runtime.controller","msg":"Starting EventSource","controller":"kubevirttemplatevalidator-controller","source":"kind source: apps/v1, Kind=Deployment"}
{"level":"info","ts":1591694164.893847,"logger":"proxy","msg":"Watching child resource","kind":"apps/v1, Kind=DaemonSet","enqueue_kind":"ssp.kubevirt.io/v1, Kind=KubevirtNodeLabellerBundle"}
{"level":"info","ts":1591694164.8939064,"logger":"controller-runtime.controller","msg":"Starting EventSource","controller":"kubevirtnodelabellerbundle-controller","source":"kind source: apps/v1, Kind=DaemonSet"}
{"level":"info","ts":1591694165.328187,"logger":"logging_event_handler","msg":"[playbook task]","name":"node-labeller-kubevirt-hyperconverged","namespace":"openshift-cnv","gvk":"ssp.kubevirt.io/v1, Kind=KubevirtNodeLabellerBundle","event_type":"playbook_on_task_start","job":"4751997750760398084","EventData.Name":"KubevirtNodeLabeller : Refresh node-labeller var"}
{"level":"error","ts":1591694165.3979275,"logger":"logging_event_handler","msg":"","name":"template-validator-kubevirt-hyperconverged","namespace":"openshift-cnv","gvk":"ssp.kubevirt.io/v1, Kind=KubevirtTemplateValidator","event_type":"runner_on_failed","job":"894385949183117216","EventData.Task":"Extract the CA bundle","EventData.TaskArgs":"","EventData.FailedTaskPath":"/opt/ansible/roles/KubevirtTemplateValidator/tasks/main.yml:16","error":"[playbook task failed]","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\tsrc/github.com/operator-framework/operator-sdk/vendor/github.com/go-logr/zapr/zapr.go:128\ngithub.com/operator-framework/operator-sdk/pkg/ansible/events.loggingEventHandler.Handle\n\tsrc/github.com/operator-framework/operator-sdk/pkg/ansible/events/log_events.go:84"}
{"level":"error","ts":1591694165.6975467,"logger":"runner","msg":"\u001b[0;34mansible-playbook 2.9.9\u001b[0m\r\n\u001b[0;34m  config file = /etc/ansible/ansible.cfg\u001b[0m\r\n\u001b[0;34m  configured module search path = [u'/usr/share/ansible/openshift']\u001b[0m\r\n\u001b[0;34m  ansible python module location = /usr/lib/python2.7/site-packages/ansible\u001b[0m\r\n\u001b[0;34m  executable location = /usr/bin/ansible-playbook\u001b[0m\r\n\u001b[0;34m  python version = 2.7.5 (default, Sep 26 2019, 13:23:47) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]\u001b[0m\r\n\u001b[0;34mUsing /etc/ansible/ansible.cfg as config file\u001b[0m\r\n\r\nPLAYBOOK: templatevalidator.yaml ***********************************************\n\u001b[0;34m1 plays in /opt/ansible/templatevalidator.yaml\u001b[0m\n\r\nPLAY [localhost] ***************************************************************\n\r\nTASK [Gathering Facts] *********************************************************\r\n\u001b[1;30mtask path: /opt/ansible/templatevalidator.yaml:1\u001b[0m\n\u001b[0;32mok: [localhost]\u001b[0m\n\u001b[0;34mMETA: ran handlers\u001b[0m\n\r\nTASK [KubevirtCircuitBreaker : Extract the CR info] ****************************\r\n\u001b[1;30mtask path: /opt/ansible/roles/KubevirtCircuitBreaker/tasks/main.yml:3\u001b[0m\n\u001b[0;32mok: [localhost] => {\"ansible_facts\": {\"cr_info\": {\"apiVersion\": \"ssp.kubevirt.io/v1\", \"kind\": \"KubevirtTemplateValidator\", \"metadata\": {\"creationTimestamp\": \"2020-06-09T09:00:12Z\", \"generation\": 1, \"labels\": {\"app\": \"kubevirt-hyperconverged\"}, \"managedFields\": [{\"apiVersion\": \"ssp.kubevirt.io/v1\", \"fieldsType\": \"FieldsV1\", \"fieldsV1\": {\"f:metadata\": {\"f:labels\": {\".\": {}, \"f:app\": {}}, \"f:ownerReferences\": {}}, \"f:spec\": {}}, \"manager\": \"hyperconverged-cluster-operator\", \"operation\": \"Update\", \"time\": \"2020-06-09T09:00:12Z\"}, {\"apiVersion\": \"ssp.kubevirt.io/v1\", \"fieldsType\": \"FieldsV1\", \"fieldsV1\": {\"f:status\": {\".\": {}, \"f:conditions\": {}}}, \"manager\": \"ansible-operator\", \"operation\": \"Update\", \"time\": \"2020-06-09T09:15:36Z\"}], \"name\": \"template-validator-kubevirt-hyperconverged\", \"namespace\": \"openshift-cnv\", \"ownerReferences\": [{\"apiVersion\": \"hco.kubevirt.io/v1alpha1\", \"blockOwnerDeletion\": true, \"controller\": true, \"kind\": \"HyperConverged\", \"name\": \"kubevirt-hyperconverged\", \"uid\": \"738fbe7d-0da9-4860-945b-76f5ce93942a\"}], \"resourceVersion\": \"68216\", \"selfLink\": \"/apis/ssp.kubevirt.io/v1/namespaces/openshift-cnv/kubevirttemplatevalidators/template-validator-kubevirt-hyperconverged\", \"uid\": \"c2f4d4dc-a595-4759-a5b1-e2d9745b1951\"}, \"spec\": {}, \"status\": {\"conditions\": [{\"ansibleResult\": {\"changed\": 0, \"completion\": \"2020-06-09T09:10:31.067269\", \"failures\": 1, \"ok\": 8, \"skipped\": 0}, \"lastTransitionTime\": \"2020-06-09T09:10:31Z\", \"message\": \"An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt\", \"reason\": \"Failed\", \"status\": \"False\", \"type\": \"Failure\"}, {\"lastTransitionTime\": \"2020-06-09T09:15:36Z\", \"message\": \"Running reconciliation\", \"reason\": \"Running\", \"status\": \"True\", \"type\": \"Running\"}]}}}, \"changed\": false}\u001b[0m\n\r\nTASK [KubevirtCircuitBreaker : Extract the disable info] ***********************\r\n\u001b[1;30mtask path: /opt/ansible/roles/KubevirtCircuitBreaker/tasks/main.yml:6\u001b[0m\n\u001b[0;32mok: [localhost] => {\"ansible_facts\": {\"is_paused\": false}, \"changed\": false}\u001b[0m\n\u001b[0;34mMETA: \u001b[0m\n\r\nTASK [KubevirtRepoInfo : Extract the image name] *******************************\r\n\u001b[1;30mtask path: /opt/ansible/roles/KubevirtRepoInfo/tasks/main.yml:3\u001b[0m\n\u001b[0;32mok: [localhost] => {\"ansible_facts\": {\"operator_image_name\": \"registry-proxy.engineering.redhat.com/rh-osbs/container-native-virtualization-kubevirt-ssp-operator@sha256:07a0d4deaa77c7655be31c0a7da0b9ffde6d420a04a2d3db4a363d9f4ca0886a\"}, \"changed\": false}\u001b[0m\n\r\nTASK [KubevirtRepoInfo : Extract the SSP registry] *****************************\r\n\u001b[1;30mtask path: /opt/ansible/roles/KubevirtRepoInfo/tasks/main.yml:6\u001b[0m\n\u001b[0;32mok: [localhost] => {\"ansible_facts\": {\"image_name_prefix\": \"container-native-virtualization-\", \"ssp_registry\": \"registry-proxy.engineering.redhat.com/rh-osbs\"}, \"changed\": false}\u001b[0m\n\r\nTASK [KubevirtRepoInfo : Show the SSP registry] ********************************\r\n\u001b[1;30mtask path: /opt/ansible/roles/KubevirtRepoInfo/tasks/main.yml:10\u001b[0m\n\u001b[0;32mok: [localhost] => {\u001b[0m\r\n\u001b[0;32m    \"msg\": \"registry: registry-proxy.engineering.redhat.com/rh-osbs prefix: container-native-virtualization-\"\u001b[0m\r\n\u001b[0;32m}\u001b[0m\n\r\nTASK [KubevirtTemplateValidator : Set template:view role] **********************\r\n\u001b[1;30mtask path: /opt/ansible/roles/KubevirtTemplateValidator/tasks/main.yml:3\u001b[0m\n\u001b[0;32mok: [localhost] => {\"changed\": false, \"method\": \"patch\", \"result\": {\"apiVersion\": \"rbac.authorization.k8s.io/v1beta1\", \"kind\": \"ClusterRole\", \"metadata\": {\"annotations\": {\"operator-sdk/primary-resource\": \"openshift-cnv/template-validator-kubevirt-hyperconverged\", \"operator-sdk/primary-resource-type\": \"KubevirtTemplateValidator.ssp.kubevirt.io\"}, \"creationTimestamp\": \"2020-06-09T09:00:49Z\", \"labels\": {\"kubevirt.io\": \"\"}, \"managedFields\": [{\"apiVersion\": \"rbac.authorization.k8s.io/v1beta1\", \"fieldsType\": \"FieldsV1\", \"fieldsV1\": {\"f:metadata\": {\"f:annotations\": {\".\": {}, \"f:operator-sdk/primary-resource\": {}, \"f:operator-sdk/primary-resource-type\": {}}, \"f:labels\": {\".\": {}, \"f:kubevirt.io\": {}}}, \"f:rules\": {}}, \"manager\": \"Swagger-Codegen\", \"operation\": \"Update\", \"time\": \"2020-06-09T09:00:49Z\"}], \"name\": \"template:view\", \"resourceVersion\": \"54367\", \"selfLink\": \"/apis/rbac.authorization.k8s.io/v1beta1/clusterroles/template%3Aview\", \"uid\": \"65b0c25c-b182-4f41-9edb-c99b657e55e3\"}, \"rules\": [{\"apiGroups\": [\"template.openshift.io\"], \"resources\": [\"templates\"], \"verbs\": [\"get\", \"list\", \"watch\"]}]}}\u001b[0m\n\r\nTASK [KubevirtTemplateValidator : Create the service] **************************\r\n\u001b[1;30mtask path: /opt/ansible/roles/KubevirtTemplateValidator/tasks/main.yml:7\u001b[0m\n\u001b[0;32mok: [localhost] => (item=---\u001b[0m\r\n\u001b[0;32mkind: ServiceAccount\u001b[0m\r\n\u001b[0;32mapiVersion: v1\u001b[0m\r\n\u001b[0;32mmetadata:\u001b[0m\r\n\u001b[0;32m  name: template-validator\u001b[0m\r\n\u001b[0;32m  namespace: \"openshift-cnv\"\u001b[0m\r\n\u001b[0;32m  labels:\u001b[0m\r\n\u001b[0;32m    kubevirt.io: virt-template-validator) => {\"ansible_loop_var\": \"item\", \"changed\": false, \"item\": \"---\\nkind: ServiceAccount\\napiVersion: v1\\nmetadata:\\n  name: template-validator\\n  namespace: \\\"openshift-cnv\\\"\\n  labels:\\n    kubevirt.io: virt-template-validator\", \"method\": \"patch\", \"result\": {\"apiVersion\": \"v1\", \"imagePullSecrets\": [{\"name\": \"template-validator-dockercfg-g9g25\"}], \"kind\": \"ServiceAccount\", \"metadata\": {\"creationTimestamp\": \"2020-06-09T09:00:51Z\", \"labels\": {\"kubevirt.io\": \"virt-template-validator\"}, \"managedFields\": [{\"apiVersion\": \"v1\", \"fieldsType\": \"FieldsV1\", \"fieldsV1\": {\"f:metadata\": {\"f:labels\": {\".\": {}, \"f:kubevirt.io\": {}}, \"f:ownerReferences\": {\".\": {}, \"k:{\\\"uid\\\":\\\"c2f4d4dc-a595-4759-a5b1-e2d9745b1951\\\"}\": {\".\": {}, \"f:apiVersion\": {}, \"f:kind\": {}, \"f:name\": {}, \"f:uid\": {}}}}}, \"manager\": \"Swagger-Codegen\", \"operation\": \"Update\", \"time\": \"2020-06-09T09:00:51Z\"}, {\"apiVersion\": \"v1\", \"fieldsType\": \"FieldsV1\", \"fieldsV1\": {\"f:secrets\": {\".\": {}, \"k:{\\\"name\\\":\\\"template-validator-token-x6sst\\\"}\": {\".\": {}, \"f:name\": {}}}}, \"manager\": \"kube-controller-manager\", \"operation\": \"Update\", \"time\": \"2020-06-09T09:00:51Z\"}, {\"apiVersion\": \"v1\", \"fieldsType\": \"FieldsV1\", \"fieldsV1\": {\"f:imagePullSecrets\": {}, \"f:secrets\": {\"k:{\\\"name\\\":\\\"template-validator-dockercfg-g9g25\\\"}\": {\".\": {}, \"f:name\": {}}}}, \"manager\": \"openshift-controller-manager\", \"operation\": \"Update\", \"time\": \"2020-06-09T09:00:51Z\"}], \"name\": \"template-validator\", \"namespace\": \"openshift-cnv\", \"ownerReferences\": [{\"apiVersion\": \"ssp.kubevirt.io/v1\", \"kind\": \"KubevirtTemplateValidator\", \"name\": \"template-validator-kubevirt-hyperconverged\", \"uid\": \"c2f4d4dc-a595-4759-a5b1-e2d9745b1951\"}], \"resourceVersion\": \"54391\", \"selfLink\": \"/api/v1/namespaces/openshift-cnv/serviceaccounts/template-validator\", \"uid\": \"f98e423e-8066-4a5c-b5df-cb93976de76c\"}, \"secrets\": [{\"name\": \"template-validator-token-x6sst\"}, {\"name\": \"template-validator-dockercfg-g9g25\"}]}}\u001b[0m\n\u001b[0;32mok: [localhost] => (item=apiVersion: rbac.authorization.k8s.io/v1beta1\u001b[0m\r\n\u001b[0;32mkind: ClusterRoleBinding\u001b[0m\r\n\u001b[0;32mmetadata:\u001b[0m\r\n\u001b[0;32m  name: template-validator\u001b[0m\r\n\u001b[0;32m  namespace: \"openshift-cnv\"\u001b[0m\r\n\u001b[0;32m  labels:\u001b[0m\r\n\u001b[0;32m    kubevirt.io: virt-template-validator\u001b[0m\r\n\u001b[0;32mroleRef:\u001b[0m\r\n\u001b[0;32m  kind: ClusterRole\u001b[0m\r\n\u001b[0;32m  name: template:view\u001b[0m\r\n\u001b[0;32m  apiGroup: rbac.authorization.k8s.io\u001b[0m\r\n\u001b[0;32msubjects:\u001b[0m\r\n\u001b[0;32m  - kind: ServiceAccount\u001b[0m\r\n\u001b[0;32m    name: template-validator\u001b[0m\r\n\u001b[0;32m    namespace: \"openshift-cnv\") => {\"ansible_loop_var\": \"item\", \"changed\": false, \"item\": \"apiVersion: rbac.authorization.k8s.io/v1beta1\\nkind: ClusterRoleBinding\\nmetadata:\\n  name: template-validator\\n  namespace: \\\"openshift-cnv\\\"\\n  labels:\\n    kubevirt.io: virt-template-validator\\nroleRef:\\n  kind: ClusterRole\\n  name: template:view\\n  apiGroup: rbac.authorization.k8s.io\\nsubjects:\\n  - kind: ServiceAccount\\n    name: template-validator\\n    namespace: \\\"openshift-cnv\\\"\", \"method\": \"patch\", \"result\": {\"apiVersion\": \"rbac.authorization.k8s.io/v1beta1\", \"kind\": \"ClusterRoleBinding\", \"metadata\": {\"annotations\": {\"operator-sdk/primary-resource\": \"openshift-cnv/template-validator-kubevirt-hyperconverged\", \"operator-sdk/primary-resource-type\": \"KubevirtTemplateValidator.ssp.kubevirt.io\"}, \"creationTimestamp\": \"2020-06-09T09:00:52Z\", \"labels\": {\"kubevirt.io\": \"virt-template-validator\"}, \"managedFields\": [{\"apiVersion\": \"rbac.authorization.k8s.io/v1beta1\", \"fieldsType\": \"FieldsV1\", \"fieldsV1\": {\"f:metadata\": {\"f:annotations\": {\".\": {}, \"f:operator-sdk/primary-resource\": {}, \"f:operator-sdk/primary-resource-type\": {}}, \"f:labels\": {\".\": {}, \"f:kubevirt.io\": {}}}, \"f:roleRef\": {\"f:apiGroup\": {}, \"f:kind\": {}, \"f:name\": {}}, \"f:subjects\": {}}, \"manager\": \"Swagger-Codegen\", \"operation\": \"Update\", \"time\": \"2020-06-09T09:00:52Z\"}], \"name\": \"template-validator\", \"resourceVersion\": \"54413\", \"selfLink\": \"/apis/rbac.authorization.k8s.io/v1beta1/clusterrolebindings/template-validator\", \"uid\": \"27a26613-f495-4603-bf24-3c1674baebe3\"}, \"roleRef\": {\"apiGroup\": \"rbac.authorization.k8s.io\", \"kind\": \"ClusterRole\", \"name\": \"template:view\"}, \"subjects\": [{\"kind\": \"ServiceAccount\", \"name\": \"template-validator\", \"namespace\": \"openshift-cnv\"}]}}\u001b[0m\n\u001b[0;32mok: [localhost] => (item=apiVersion: v1\u001b[0m\r\n\u001b[0;32mkind: Service\u001b[0m\r\n\u001b[0;32mmetadata:\u001b[0m\r\n\u001b[0;32m  name: virt-template-validator\u001b[0m\r\n\u001b[0;32m  namespace: \"openshift-cnv\"\u001b[0m\r\n\u001b[0;32m  labels:\u001b[0m\r\n\u001b[0;32m    kubevirt.io: virt-template-validator\u001b[0m\r\n\u001b[0;32m  annotations:\u001b[0m\r\n\u001b[0;32m    service.alpha.openshift.io/serving-cert-secret-name: virt-template-validator-certs\u001b[0m\r\n\u001b[0;32mspec:\u001b[0m\r\n\u001b[0;32m  ports:\u001b[0m\r\n\u001b[0;32m  - name: webhook\u001b[0m\r\n\u001b[0;32m    port: 443\u001b[0m\r\n\u001b[0;32m    targetPort: 8443\u001b[0m\r\n\u001b[0;32m  selector:\u001b[0m\r\n\u001b[0;32m    kubevirt.io: virt-template-validator) => {\"ansible_loop_var\": \"item\", \"changed\": false, \"item\": \"apiVersion: v1\\nkind: Service\\nmetadata:\\n  name: virt-template-validator\\n  namespace: \\\"openshift-cnv\\\"\\n  labels:\\n    kubevirt.io: virt-template-validator\\n  annotations:\\n    service.alpha.openshift.io/serving-cert-secret-name: virt-template-validator-certs\\nspec:\\n  ports:\\n  - name: webhook\\n    port: 443\\n    targetPort: 8443\\n  selector:\\n    kubevirt.io: virt-template-validator\", \"method\": \"patch\", \"result\": {\"apiVersion\": \"v1\", \"kind\": \"Service\", \"metadata\": {\"annotations\": {\"service.alpha.openshift.io/serving-cert-secret-name\": \"virt-template-validator-certs\", \"service.alpha.openshift.io/serving-cert-signed-by\": \"openshift-service-serving-signer@1591688310\", \"service.beta.openshift.io/serving-cert-signed-by\": \"openshift-service-serving-signer@1591688310\"}, \"creationTimestamp\": \"2020-06-09T09:00:54Z\", \"labels\": {\"kubevirt.io\": \"virt-template-validator\"}, \"managedFields\": [{\"apiVersion\": \"v1\", \"fieldsType\": \"FieldsV1\", \"fieldsV1\": {\"f:metadata\": {\"f:annotations\": {\".\": {}, \"f:service.alpha.openshift.io/serving-cert-secret-name\": {}}, \"f:labels\": {\".\": {}, \"f:kubevirt.io\": {}}, \"f:ownerReferences\": {\".\": {}, \"k:{\\\"uid\\\":\\\"c2f4d4dc-a595-4759-a5b1-e2d9745b1951\\\"}\": {\".\": {}, \"f:apiVersion\": {}, \"f:kind\": {}, \"f:name\": {}, \"f:uid\": {}}}}, \"f:spec\": {\"f:ports\": {\".\": {}, \"k:{\\\"port\\\":443,\\\"protocol\\\":\\\"TCP\\\"}\": {\".\": {}, \"f:name\": {}, \"f:port\": {}, \"f:protocol\": {}, \"f:targetPort\": {}}}, \"f:selector\": {\".\": {}, \"f:kubevirt.io\": {}}, \"f:sessionAffinity\": {}, \"f:type\": {}}}, \"manager\": \"Swagger-Codegen\", \"operation\": \"Update\", \"time\": \"2020-06-09T09:00:54Z\"}, {\"apiVersion\": \"v1\", \"fieldsType\": \"FieldsV1\", \"fieldsV1\": {\"f:metadata\": {\"f:annotations\": {\"f:service.alpha.openshift.io/serving-cert-signed-by\": {}, \"f:service.beta.openshift.io/serving-cert-signed-by\": {}}}}, \"manager\": \"service-ca-operator\", \"operation\": \"Update\", \"time\": \"2020-06-09T09:00:54Z\"}], \"name\": \"virt-template-validator\", \"namespace\": \"openshift-cnv\", \"ownerReferences\": [{\"apiVersion\": \"ssp.kubevirt.io/v1\", \"kind\": \"KubevirtTemplateValidator\", \"name\": \"template-validator-kubevirt-hyperconverged\", \"uid\": \"c2f4d4dc-a595-4759-a5b1-e2d9745b1951\"}], \"resourceVersion\": \"54443\", \"selfLink\": \"/api/v1/namespaces/openshift-cnv/services/virt-template-validator\", \"uid\": \"9f59d4fa-9bf0-4776-b198-4728f5782125\"}, \"spec\": {\"clusterIP\": \"172.30.204.84\", \"ports\": [{\"name\": \"webhook\", \"port\": 443, \"protocol\": \"TCP\", \"targetPort\": 8443}], \"selector\": {\"kubevirt.io\": \"virt-template-validator\"}, \"sessionAffinity\": \"None\", \"type\": \"ClusterIP\"}, \"status\": {\"loadBalancer\": {}}}}\u001b[0m\n virt-template-validator-certs\u001b[0m\r\n\u001b[0;32m\u001b[0m\r\n\u001b[0;32m) => {\"ansible_loop_var\": \"item\", \"changed\": false, \"item\": \"apiVersion: apps/v1\\nkind: Deployment\\nmetadata:\\n  name: virt-template-validator\\n  namespace: \\\"openshift-cnv\\\"\\n  labels:\\n    name: virt-template-validator\\nspec:\\n  replicas: 2\\n  selector:\\n    matchLabels:\\n      kubevirt.io: virt-template-validator\\n  template:\\n    metadata:\\n      name: virt-template-validator\\n      labels:\\n        kubevirt.io: virt-template-validator\\n    spec:\\n      serviceAccountName: template-validator\\n      containers:\\n        - name: webhook\\n          image: registry-proxy.engineering.redhat.com/rh-osbs/container-native-virtualization-kubevirt-template-validator@sha256:b35cbca778da9fe1a4a460bf9a1b0b27b6a6afd9e413be4cdc368db580469ce3\\n          imagePullPolicy: Always\\n          resources:\\n            limits:\\n              memory: 250Mi\\n              cpu: 300m\\n            requests:\\n              memory: 250Mi\\n              cpu: 300m\\n          args:\\n            - -v=2\\n            - --port=8443\\n            - --cert-dir=/etc/webhook/certs\\n          volumeMounts:\\n            - name: tls\\n              mountPath: /etc/webhook/certs\\n              readOnly: true\\n          securityContext:\\n            readOnlyRootFilesystem: true\\n          ports:\\n          - name: webhook\\n            containerPort: 8443\\n            protocol: TCP\\n      volumes:\\n        - name: tls\\n          secret:\\n            secretName: virt-template-validator-certs\\n\\n\", \"method\": \"patch\", \"result\": {\"apiVersion\": \"apps/v1\", \"kind\": \"Deployment\", \"metadata\": {\"annotations\": {\"deployment.kubernetes.io/revision\": \"1\"}, \"creationTimestamp\": \"2020-06-09T09:00:55Z\", \"generation\": 1, \"labels\": {\"name\": \"virt-template-validator\"}, \"managedFields\": [{\"apiVersion\": \"apps/v1\", \"fieldsType\": \"FieldsV1\", \"fieldsV1\": {\"f:metadata\": {\"f:labels\": {\".\": {}, \"f:name\": {}}, \"f:ownerReferences\": {\".\": {}, \"k:{\\\"uid\\\":\\\"c2f4d4dc-a595-4759-a5b1-e2d9745b1951\\\"}\": {\".\": {}, \"f:apiVersion\": {}, \"f:kind\": {}, \"f:name\": {}, \"f:uid\": {}}}}, \"f:spec\": {\"f:progressDeadlineSeconds\": {}, \"f:replicas\": {}, \"f:revisionHistoryLimit\": {}, \"f:selector\": {\"f:matchLabels\": {\".\": {}, \"f:kubevirt.io\": {}}}, \"f:strategy\": {\"f:rollingUpdate\": {\".\": {}, \"f:maxSurge\": {}, \"f:maxUnavailable\": {}}, \"f:type\": {}}, \"f:template\": {\"f:metadata\": {\"f:labels\": {\".\": {}, \"f:kubevirt.io\": {}}, \"f:name\": {}}, \"f:spec\": {\"f:containers\": {\"k:{\\\"name\\\":\\\"webhook\\\"}\": {\".\": {}, \"f:args\": {}, \"f:image\": {}, \"f:imagePullPolicy\": {}, \"f:name\": {}, \"f:ports\": {\".\": {}, \"k:{\\\"containerPort\\\":8443,\\\"protocol\\\":\\\"TCP\\\"}\": {\".\": {}, \"f:containerPort\": {}, \"f:name\": {}, \"f:protocol\": {}}}, \"f:resources\": {\".\": {}, \"f:limits\": {\".\": {}, \"f:cpu\": {}, \"f:memory\": {}}, \"f:requests\": {\".\": {}, \"f:cpu\": {}, \"f:memory\": {}}}, \"f:securityContext\": {\".\": {}, \"f:readOnlyRootFilesystem\": {}}, \"f:terminationMessagePath\": {}, \"f:terminationMessagePolicy\": {}, \"f:volumeMounts\": {\".\": {}, \"k:{\\\"mountPath\\\":\\\"/etc/webhook/certs\\\"}\": {\".\": {}, \"f:mountPath\": {}, \"f:name\": {}, \"f:readOnly\": {}}}}}, \"f:dnsPolicy\": {}, \"f:restartPolicy\": {}, \"f:schedulerName\": {}, \"f:securityContext\": {}, \"f:serviceAccount\": {}, \"f:serviceAccountName\": {}, \"f:terminationGracePeriodSeconds\": {}, \"f:volumes\": {\".\": {}, \"k:{\\\"name\\\":\\\"tls\\\"}\": {\".\": {}, \"f:name\": {}, \"f:secret\": {\".\": {}, \"f:defaultMode\": {}, \"f:secretName\": {}}}}}}}}, \"manager\": \"Swagger-Codegen\", \"operation\": \"Update\", \"time\": \"2020-06-09T09:00:55Z\"}, {\"apiVersion\": \"apps/v1\", \"fieldsType\": \"FieldsV1\", \"fieldsV1\": {\"f:metadata\": {\"f:annotations\": {\".\": {}, \"f:deployment.kubernetes.io/revision\": {}}}, \"f:status\": {\"f:availableReplicas\": {}, \"f:conditions\": {\".\": {}, \"k:{\\\"type\\\":\\\"Available\\\"}\": {\".\": {}, \"f:lastTransitionTime\": {}, \"f:lastUpdateTime\": {}, \"f:message\": {}, \"f:reason\": {}, \"f:status\": {}, \"f:type\": {}}, \"k:{\\\"type\\\":\\\"Progressing\\\"}\": {\".\": {}, \"f:lastTransitionTime\": {}, \"f:lastUpdateTime\": {}, \"f:message\": {}, \"f:reason\": {}, \"f:status\": {}, \"f:type\": {}}}, \"f:observedGeneration\": {}, \"f:readyReplicas\": {}, \"f:replicas\": {}, \"f:updatedReplicas\": {}}}, \"manager\": \"kube-controller-manager\", \"operation\": \"Update\", \"time\": \"2020-06-09T09:13:57Z\"}], \"name\": \"virt-template-validator\", \"namespace\": \"openshift-cnv\", \"ownerReferences\": [{\"apiVersion\": \"ssp.kubevirt.io/v1\", \"kind\": \"KubevirtTemplateValidator\", \"name\": \"template-validator-kubevirt-hyperconverged\", \"uid\": \"c2f4d4dc-a595-4759-a5b1-e2d9745b1951\"}], \"resourceVersion\": \"66696\", \"selfLink\": \"/apis/apps/v1/namespaces/openshift-cnv/deployments/virt-template-validator\", \"uid\": \"daa45e3b-3f65-4534-981a-08cb234f6c65\"}, \"spec\": {\"progressDeadlineSeconds\": 600, \"replicas\": 2, \"revisionHistoryLimit\": 10, \"selector\": {\"matchLabels\": {\"kubevirt.io\": \"virt-template-validator\"}}, \"strategy\": {\"rollingUpdate\": {\"maxSurge\": \"25%\", \"maxUnavailable\": \"25%\"}, \"type\": \"RollingUpdate\"}, \"template\": {\"metadata\": {\"creationTimestamp\": null, \"labels\": {\"kubevirt.io\": \"virt-template-validator\"}, \"name\": \"virt-template-validator\"}, \"spec\": {\"containers\": [{\"args\": [\"-v=2\", \"--port=8443\", \"--cert-dir=/etc/webhook/certs\"], \"image\": \"registry-proxy.engineering.redhat.com/rh-osbs/container-native-virtualization-kubevirt-template-validator@sha256:b35cbca778da9fe1a4a460bf9a1b0b27b6a6afd9e413be4cdc368db580469ce3\", \"imagePullPolicy\": \"Always\", \"name\": \"webhook\", \"ports\": [{\"containerPort\": 8443, \"name\": \"webhook\", \"protocol\": \"TCP\"}], \"resources\": {\"limits\": {\"cpu\": \"300m\", \"memory\": \"250Mi\"}, \"requests\": {\"cpu\": \"300m\", \"memory\": \"250Mi\"}}, \"securityContext\": {\"readOnlyRootFilesystem\": true}, \"terminationMessagePath\": \"/dev/termination-log\", \"terminationMessagePolicy\": \"File\", \"volumeMounts\": [{\"mountPath\": \"/etc/webhook/certs\", \"name\": \"tls\", \"readOnly\": true}]}], \"dnsPolicy\": \"ClusterFirst\", \"restartPolicy\": \"Always\", \"schedulerName\": \"default-scheduler\", \"securityContext\": {}, \"serviceAccount\": \"template-validator\", \"serviceAccountName\": \"template-validator\", \"terminationGracePeriodSeconds\": 30, \"volumes\": [{\"name\": \"tls\", \"secret\": {\"defaultM\u001b[0;32mok: [localhost] => (item=apiVersion: apps/v1\u001b[0m\r\n\u001b[0;32mkind: Deployment\u001b[0m\r\n\u001b[0;32mmetadata:\u001b[0m\r\n\u001b[0;32m  name: virt-template-validator\u001b[0m\r\n\u001b[0;32m  namespace: \"openshift-cnv\"\u001b[0m\r\n\u001b[0;32m  labels:\u001b[0m\r\n\u001b[0;32m    name: virt-template-validator\u001b[0m\r\n\u001b[0;32mspec:\u001b[0m\r\n\u001b[0;32m  replicas: 2\u001b[0m\r\n\u001b[0;32m  selector:\u001b[0m\r\n\u001b[0;32m    matchLabels:\u001b[0m\r\n\u001b[0;32m      kubevirt.io: virt-template-validator\u001b[0m\r\n\u001b[0;32m  template:\u001b[0m\r\n\u001b[0;32m    metadata:\u001b[0m\r\n\u001b[0;32m      name: virt-template-validator\u001b[0m\r\n\u001b[0;32m      labels:\u001b[0m\r\n\u001b[0;32m        kubevirt.io: virt-template-validator\u001b[0m\r\n\u001b[0;32m    spec:\u001b[0m\r\n\u001b[0;32m      serviceAccountName: template-validator\u001b[0m\r\n\u001b[0;32m      containers:\u001b[0m\r\n\u001b[0;32m        - name: webhook\u001b[0m\r\n\u001b[0;32m          image: registry-proxy.engineering.redhat.com/rh-osbs/container-native-virtualization-kubevirt-template-validator@sha256:b35cbca778da9fe1a4a460bf9a1b0b27b6a6afd9e413be4cdc368db580469ce3\u001b[0m\r\n\u001b[0;32m          imagePullPolicy: Always\u001b[0m\r\n\u001b[0;32m          resources:\u001b[0m\r\n\u001b[0;32m            limits:\u001b[0m\r\n\u001b[0;32m              memory: 250Mi\u001b[0m\r\n\u001b[0;32m              cpu: 300m\u001b[0m\r\n\u001b[0;32m            requests:\u001b[0m\r\n\u001b[0;32m              memory: 250Mi\u001b[0m\r\n\u001b[0;32m              cpu: 300m\u001b[0m\r\n\u001b[0;32m          args:\u001b[0m\r\n\u001b[0;32m            - -v=2\u001b[0m\r\n\u001b[0;32m            - --port=8443\u001b[0m\r\n\u001b[0;32m            - --cert-dir=/etc/webhook/certs\u001b[0m\r\n\u001b[0;32m          volumeMounts:\u001b[0m\r\n\u001b[0;32m            - name: tls\u001b[0m\r\n\u001b[0;32m              mountPath: /etc/webhook/certs\u001b[0m\r\n\u001b[0;32m              readOnly: true\u001b[0m\r\n\u001b[0;32m          securityContext:\u001b[0m\r\n\u001b[0;32m            readOnlyRootFilesystem: true\u001b[0m\r\n\u001b[0;32m          ports:\u001b[0m\r\n\u001b[0;32m          - name: webhook\u001b[0m\r\n\u001b[0;32m            containerPort: 8443\u001b[0m\r\n\u001b[0;32m            protocol: TCP\u001b[0m\r\n\u001b[0;32m      volumes:\u001b[0m\r\n\u001b[0;32m        - name: tls\u001b[0m\r\n\u001b[0;32m          secret:\u001b[0m\r\n\u001b[0;32m            secretName: virt-template-validator-certs\u001b[0m\r\n\u001b[0;32m\u001b[0m\r\n\u001b[0;32m) => {\"ansible_loop_var\": \"item\", \"changed\": false, \"item\": \"apiVersion: apps/v1\\nkind: Deployment\\nmetadata:\\n  name: virt-template-validator\\n  namespace: \\\"openshift-cnv\\\"\\n  labels:\\n    name: virt-template-validator\\nspec:\\n  replicas: 2\\n  selector:\\n    matchLabels:\\n      kubevirt.io: virt-template-validator\\n  template:\\n    metadata:\\n      name: virt-template-validator\\n      labels:\\n        kubevirt.io: virt-template-validator\\n    spec:\\n      serviceAccountName: template-validator\\n      containers:\\n        - name: webhook\\n          image: registry-proxy.engineering.redhat.com/rh-osbs/container-native-virtualization-kubevirt-template-validator@sha256:b35cbca778da9fe1a4a460bf9a1b0b27b6a6afd9e413be4cdc368db580469ce3\\n          imagePullPolicy: Always\\n          resources:\\n            limits:\\n              memory: 250Mi\\n              cpu: 300m\\n            requests:\\n              memory: 250Mi\\n              cpu: 300m\\n          args:\\n            - -v=2\\n            - --port=8443\\n            - --cert-dir=/etc/webhook/certs\\n          volumeMounts:\\n            - name: tls\\n              mountPath: /etc/webhook/certs\\n              readOnly: true\\n          securityContext:\\n            readOnlyRootFilesystem: true\\n          ports:\\n          - name: webhook\\n            containerPort: 8443\\n            protocol: TCP\\n      volumes:\\n        - name: tls\\n          secret:\\n            secretName: virt-template-validator-certs\\n\\n\", \"method\": \"patch\", \"result\": {\"apiVersion\": \"apps/v1\", \"kind\": \"Deployment\", \"metadata\": {\"annotations\": {\"deployment.kubernetes.io/revision\": \"1\"}, \"creationTimestamp\": \"2020-06-09T09:00:55Z\", \"generation\": 1, \"labels\": {\"name\": \"virt-template-validator\"}, \"managedFields\": [{\"apiVersion\": \"apps/v1\", \"fieldsType\": \"FieldsV1\", \"fieldsV1\": {\"f:metadata\": {\"f:labels\": {\".\": {}, \"f:name\": {}}, \"f:ownerReferences\": {\".\": {}, \"k:{\\\"uid\\\":\\\"c2f4d4dc-a595-4759-a5b1-e2d9745b1951\\\"}\": {\".\": {}, \"f:apiVersion\": {}, \"f:kind\": {}, \"f:name\": {}, \"f:uid\": {}}}}, \"f:spec\": {\"f:progressDeadlineSeconds\": {}, \"f:replicas\": {}, \"f:revisionHistoryLimit\": {}, \"f:selector\": {\"f:matchLabels\": {\".\": {}, \"f:kubevirt.io\": {}}}, \"f:strategy\": {\"f:rollingUpdate\": {\".\": {}, \"f:maxSurge\": {}, \"f:maxUnavailable\": {}}, \"f:type\": {}}, \"f:template\": {\"f:metadata\": {\"f:labels\": {\".\": {}, \"f:kubevirt.io\": {}}, \"f:name\": {}}, \"f:spec\": {\"f:containers\": {\"k:{\\\"name\\\":\\\"webhook\\\"}\": {\".\": {}, \"f:args\": {}, \"f:image\": {}, \"f:imagePullPolicy\": {}, \"f:name\": {}, \"f:ports\": {\".\": {}, \"k:{\\\"containerPort\\\":8443,\\\"protocol\\\":\\\"TCP\\\"}\": {\".\": {}, \"f:containerPort\": {}, \"f:name\": {}, \"f:protocol\": {}}}, \"f:resources\": {\".\": {}, \"f:limits\": {\".\": {}, \"f:cpu\": {}, \"f:memory\": {}}, \"f:requests\": {\".\": {}, \"f:cpu\": {}, \"f:memory\": {}}}, \"f:securityContext\": {\".\": {}, \"f:readOnlyRootFilesystem\": {}}, \"f:terminationMessagePath\": {}, \"f:terminationMessagePolicy\": {}, \"f:volumeMounts\": {\".\": {}, \"k:{\\\"mountPath\\\":\\\"/etc/webhook/certs\\\"}\": {\".\": {}, \"f:mountPath\": {}, \"f:name\": {}, \"f:readOnly\": {}}}}}, \"f:dnsPolicy\": {}, \"f:restartPolicy\": {}, \"f:schedulerName\": {}, \"f:securityContext\": {}, \"f:serviceAccount\": {}, \"f:serviceAccountName\": {}, \"f:terminationGracePeriodSeconds\": {}, \"f:volumes\": {\".\": {}, \"k:{\\\"name\\\":\\\"tls\\\"}\": {\".\": {}, \"f:name\": {}, \"f:secret\": {\".\": {}, \"f:defaultMode\": {}, \"f:secretName\": {}}}}}}}}, \"manager\": \"Swagger-Codegen\", \"operation\": \"Update\", \"time\": \"2020-06-09T09:00:55Z\"}, {\"apiVersion\": \"apps/v1\", \"fieldsType\": \"FieldsV1\", \"fieldsV1\": {\"f:metadata\": {\"f:annotations\": {\".\": {}, \"f:deployment.kubernetes.io/revision\": {}}}, \"f:status\": {\"f:availableReplicas\": {}, \"f:conditions\": {\".\": {}, \"k:{\\\"type\\\":\\\"Available\\\"}\": {\".\": {}, \"f:lastTransitionTime\": {}, \"f:lastUpdateTime\": {}, \"f:message\": {}, \"f:reason\": {}, \"f:status\": {}, \"f:type\": {}}, \"k:{\\\"type\\\":\\\"Progressing\\\"}\": {\".\": {}, \"f:lastTransitionTime\": {}, \"f:lastUpdateTime\": {}, \"f:message\": {}, \"f:reason\": {}, \"f:status\": {}, \"f:type\": {}}}, \"f:observedGeneration\": {}, \"f:readyReplicas\": {}, \"f:replicas\": {}, \"f:updatedReplicas\": {}}}, \"manager\": \"kube-controller-manager\", \"operation\": \"Update\", \"time\": \"2020-06-09T09:13:57Z\"}], \"name\": \"virt-template-validator\", \"namespace\": \"openshift-cnv\", \"ownerReferences\": [{\"apiVersion\": \"ssp.kubevirt.io/v1\", \"kind\": \"KubevirtTemplateValidator\", \"name\": \"template-validator-kubevirt-hyperconverged\", \"uid\": \"c2f4d4dc-a595-4759-a5b1-e2d9745b1951\"}], \"resourceVersion\": \"66696\", \"selfLink\": \"/apis/apps/v1/namespaces/openshift-cnv/deployments/virt-template-validator\", \"uid\": \"daa45e3b-3f65-4534-981a-08cb234f6c65\"}, \"spec\": {\"progressDeadlineSeconds\": 600, \"replicas\": 2, \"revisionHistoryLimit\": 10, \"selector\": {\"matchLabels\": {\"kubevirt.io\": \"virt-template-validator\"}}, \"strategy\": {\"rollingUpdate\": {\"maxSurge\": \"25%\", \"maxUnavailable\": \"25%\"}, \"type\": \"RollingUpdate\"}, \"template\": {\"metadata\": {\"creationTimestamp\": null, \"labels\": {\"kubevirt.io\": \"virt-template-validator\"}, \"name\": \"virt-template-validator\"}, \"spec\": {\"containers\": [{\"args\": [\"-v=2\", \"--port=8443\", \"--cert-dir=/etc/webhook/certs\"], \"image\": \"registry-proxy.engineering.redhat.com/rh-osbs/container-native-virtualization-kubevirt-template-validator@sha256:b35cbca778da9fe1a4a460bf9a1b0b27b6a6afd9e413be4cdc368db580469ce3\", \"imagePullPolicy\": \"Always\", \"name\": \"webhook\", \"ports\": [{\"containerPort\": 8443, \"name\": \"webhook\", \"protocol\": \"TCP\"}], \"resources\": {\"limits\": {\"cpu\": \"300m\", \"memory\": \"250Mi\"}, \"requests\": {\"cpu\": \"300m\", \"memory\": \"250Mi\"}}, \"securityContext\": {\"readOnlyRootFilesystem\": true}, \"terminationMessagePath\": \"/dev/termination-log\", \"terminationMessagePolicy\": \"File\", \"volumeMounts\": [{\"mountPath\": \"/etc/webhook/certs\", \"name\": \"tls\", \"readOnly\": true}]}], \"dnsPolicy\": \"ClusterFirst\", \"restartPolicy\": \"Always\", \"schedulerName\": \"default-scheduler\", \"securityContext\": {}, \"serviceAccount\": \"template-validator\", \"serviceAccountName\": \"template-validator\", \"terminationGracePeriodSeconds\": 30, \"volumes\": [{\"name\": \"tls\", \"secret\": {\"defaultMode\": 420, \"secretName\": \"virt-template-validator-certs\"}}]}}}, \"status\": {\"availableReplicas\": 2, \"conditions\": [{\"lastTransitionTime\": \"2020-06-09T09:00:55Z\", \"lastUpdateTime\": \"2020-06-09T09:01:08Z\", \"message\": \"ReplicaSet \\\"virt-template-validator-7d4b698cc6\\\" has successfully progressed.\", \"reason\": \"NewReplicaSetAvailable\", \"status\": \"True\", \"type\": \"Progressing\"}, {\"lastTransitionTime\": \"2020-06-09T09:13:57Z\", \"lastUpdateTime\": \"2020-06-09T09:13:57Z\", \"message\": \"Deployment has minimum availability.\", \"reason\": \"MinimumReplicasAvailable\", \"status\": \"True\", \"type\": \"Available\"}], \"observedGeneration\": 1, \"readyReplicas\": 2, \"replicas\": 2, \"updatedReplicas\": 2}}}\u001b[0m\n\r\nTASK [KubevirtTemplateValidator : Extract the CA bundle] ***********************\r\n\u001b[1;30mtask path: /opt/ansible/roles/KubevirtTemplateValidator/tasks/main.yml:16\u001b[0m\n\u001b[1;35m[WARNING]: Unable to find '/var/run/secrets/kubernetes.io/serviceaccount\u001b[0m\r\n\u001b[1;35m/service-ca.crt' in expected paths (use -vvvvv to see paths)\u001b[0m\n\u001b[0;31mfatal: [localhost]: FAILED! => {\"msg\": \"An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt\"}\u001b[0m\n\r\nPLAY RECAP *********************************************************************\r\n\u001b[0;31mlocalhost\u001b[0m                  : \u001b[0;32mok=8   \u001b[0m changed=0    unreachable=0    \u001b[0;31mfailed=1   \u001b[0m skipped=0    rescued=0    ignored=0   \r\n\n","job":"894385949183117216","name":"template-validator-kubevirt-hyperconverged","namespace":"openshift-cnv","error":"exit status 2","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\tsrc/github.com/operator-framework/operator-sdk/vendor/github.com/go-logr/zapr/zapr.go:128\ngithub.com/operator-framework/operator-sdk/pkg/ansible/runner.(*runner).Run.func1\n\tsrc/github.com/operator-framework/operator-sdk/pkg/ansible/runner/runner.go:199"}
{"level":"info","ts":1591694169.2168815,"logger":"logging_event_handler","msg":"[playbook task]","name":"template-validator-kubevirt-hyperconverged","namespace":"openshift-cnv","gvk":"ssp.kubevirt.io/v1, Kind=KubevirtTemplateValidator","event_type":"playbook_on_task_start","job":"2703501726821866378","EventData.Name":"Gathering Facts"}

Comment 1 Ruth Netser 2020-06-09 11:13:20 UTC

template-validator webhook is not deployed:

$ oc get validatingwebhookconfigurations|grep -i templa

Does not return anything


'An unhandled exception occurred while running the lookup plugin ''file''.
        Error was a <class ''ansible.errors.AnsibleError''>, original message: could
        not locate file in lookup: /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt'

Comment 2 Ruth Netser 2020-06-25 13:22:30 UTC

Verified on CNV-2.4.0, OCP: 4.5.0-rc.2, SSP build 58:
1. virt-template-validator validatingwebhookconfigurations is deployed
2. VM creation using templates - template validator is called (and reports error/warning when needed)

Comment 5 errata-xmlrpc 2020-07-28 19:10:31 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:3194

Note You need to log in before you can comment on or make changes to this bug.