Description of problem: Version-Release number of selected component (if applicable): Server Version: 4.5.6 How reproducible: 100% Steps to Reproduce: 1. Create a containerruntime config like this: ``` apiVersion: machineconfiguration.openshift.io/v1 kind: ContainerRuntimeConfig metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"machineconfiguration.openshift.io/v1","kind":"ContainerRuntimeConfig","metadata":{"annotations":{},"name":"pthread-debug"},"spec":{"containerRuntimeConfig":{"pidsLimit":0},"machineConfigPoolSelector":{"matchLabels":{"pthread-debug":"true"}}}} creationTimestamp: "2020-08-28T16:45:41Z" generation: 1 manager: machine-config-controller operation: Update time: "2020-08-28T17:25:43Z" name: pthread-debug resourceVersion: "58399299" selfLink: /apis/machineconfiguration.openshift.io/v1/containerruntimeconfigs/pthread-debug uid: 21ac7f13-eaaf-403b-a33f-b3250eedf5ff spec: containerRuntimeConfig: pidsLimit: 0 machineConfigPoolSelector: matchLabels: pthread-debug: "true" status: conditions: - lastTransitionTime: "2020-08-28T16:45:41Z" message: 'could not add finalizers to ContainerRuntimeConfig: could not add finalizers to ContainerRuntimeConfig: %v' status: "False" type: Failure observedGeneration: 1 ``` Actual results: * There is a useless condition like this on the containerruntimeconfig: ``` conditions: - lastTransitionTime: "2020-08-28T16:45:41Z" message: 'could not add finalizers to ContainerRuntimeConfig: could not add finalizers to ContainerRuntimeConfig: %v' ``` The machine config operator logs: ``` I0828 15:49:12.750465 1 container_runtime_config_controller.go:352] Error syncing containerruntimeconfig pthread-debug: ContainerRuntimeConfig.machineconfiguration.openshift.io "pthread-debug" is invalid: metadata.finalizers: Invalid value: "99-pthread-debug-53728114-21bf-4af7-a0bc-3fe4ee908d6d-containerruntime": name part must be no more than 63 characters ``` Expected results: * The condition contains the error and not an unresolved format string * The controller shortens the name until its short enough or uses something else there (I guess this ends up in a label value? If yes, maybe use the first 63 chars of the UUID?) Additional info:
The name length issue has been fixed in 4.6, and I think the plan was to not backport it to 4.5, but I will double check. Will look into why the finalizer error is not showing up in the ctrcfg status while other errors show up. This is not a release blocker, so setting severity to low.
Reassigning to Qi to take a look at why the errors are not showing up correctly in the status.
- the issue description "There is a useless condition", so the error like "not valid yaml" is expected, rather than silently ignores error: name > 63 characters? - why it is useless condition ? I saw the definition here? https://github.com/openshift/machine-config-operator/blob/ca283c2500df8cdc787600e8fcbd311b99859538/install/0000_80_machine-config-operator_01_containerruntimeconfig.crd.yaml#L140
verified on version : 4.7.0-0.nightly-2021-01-19-095812 [lyman@localhost env]$ oc get ctrcfg -o yaml apiVersion: v1 items: - apiVersion: machineconfiguration.openshift.io/v1 kind: ContainerRuntimeConfig metadata: creationTimestamp: "2021-01-20T07:29:52Z" finalizers: - 99-worker-generated-containerruntime generation: 4 managedFields: - apiVersion: machineconfiguration.openshift.io/v1 fieldsType: FieldsV1 ... manager: oc operation: Update time: "2021-01-20T08:20:58Z" name: pthread-debug resourceVersion: "100015" selfLink: /apis/machineconfiguration.openshift.io/v1/containerruntimeconfigs/pthread-debug uid: babc70c4-57bb-437a-b65d-52aff7b0abe8 spec: containerRuntimeConfig: pidsLimit: 2048 machineConfigPoolSelector: matchLabels: pthread-debug: "true" status: conditions: - lastTransitionTime: "2021-01-20T08:20:58Z" message: Success status: "True" type: Success observedGeneration: 4 sh-4.4# chroot /host sh-4.4# crio config | grep "pids_limit" INFO[0000] Starting CRI-O, version: 1.20.0-0.rhaos4.7.gitd9f17c8.el8.42, git: () INFO Using default capabilities: CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_FSETID, CAP_FOWNER, CAP_SETGID, CAP_SETUID, CAP_SETPCAP, CAP_NET_BIND_SERVICE, CAP_KILL pids_limit = 2048 sh-4.4#
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:5633