Description of problem: When deploy ping-pong sample chart, no cert-manager pod created Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. Install SRO4.10 in OCP4.10 2. Deploy ping-pong sample chart Actual results: No cert-manager and ping-pong pod created and operator log threw below error: 021-12-22T02:07:19.674Z INFO cert-manager RECONCILE REQUEUE: Could not reconcile chart {"error": "failed to get push secret name: Cannot find Secret builder-dockercfg"} Expected results: cert-manager and ping-pong pod should sucessfully created Additional info:
oc get pods -n cert-manager NAME READY STATUS RESTARTS AGE cert-manager-5b578dc44c-dn5wj 1/1 Running 0 42s cert-manager-cainjector-548bf687d8-n2p7f 1/1 Running 0 42s cert-manager-startupapicheck--1-6795w 1/1 Running 0 39s cert-manager-webhook-6d5cb74789-k2gvq 1/1 Running 0 42s The cert-manager pod created, but failed to create ping-pong, please see attachment for the detailed log The operator error as below: 2021-12-24T08:47:30.707Z INFO resource Found, updating {"Kind": "Job: cert-manager/cert-manager-startupapicheck"} 2021-12-24T08:47:31.502Z INFO cert-manager RECONCILE REQUEUE: Could not reconcile chart {"error": "cannot reconcile hardware states: failed post-install: hook execution failed cert-manager-startupapicheck cert-manager/templates/startupapicheck-job.yaml: CRUD exited non-zero on Object: &{Object:map[apiVersion:batch/v1 kind:Job metadata:map[annotations:map[helm.sh/hook:post-install helm.sh/hook-delete-policy:hook-succeeded helm.sh/hook-weight:1 meta.helm.sh/release-name:cert-manager meta.helm.sh/release-namespace:cert-manager] labels:map[app:startupapicheck app.kubernetes.io/component:startupapicheck app.kubernetes.io/instance:cert-manager app.kubernetes.io/managed-by:Helm app.kubernetes.io/name:startupapicheck app.kubernetes.io/version:v1.5.0 helm.sh/chart:cert-manager-v1.5.0 specialresource.openshift.io/owned:true] name:cert-manager-startupapicheck namespace:cert-manager ownerReferences:[map[apiVersion:sro.openshift.io/v1beta1 blockOwnerDeletion:true controller:true kind:SpecialResource name:cert-manager uid:c39b1dff-ca12-4a5f-a285-df9b63fb39f3]]] spec:map[backoffLimit:4 template:map[metadata:map[labels:map[app:startupapicheck app.kubernetes.io/component:startupapicheck app.kubernetes.io/instance:cert-manager app.kubernetes.io/managed-by:Helm app.kubernetes.io/name:startupapicheck app.kubernetes.io/version:v1.5.0 helm.sh/chart:cert-manager-v1.5.0]] spec:map[containers:[map[args:[check api --wait=1m] image:quay.io/jetstack/cert-manager-ctl:v1.5.0 imagePullPolicy:IfNotPresent name:cert-manager resources:map[]]] restartPolicy:OnFailure securityContext:map[runAsNonRoot:true] serviceAccountName:cert-manager-startupapicheck]]]]}: couldn't Update Resource: Job.batch \"cert-manager-startupapicheck\" is invalid: [spec.selector: Required value, spec.template.metadata.labels: Invalid value: map[string]string{\"app\":\"startupapicheck\", \"app.kubernetes.io/component\":\"startupapicheck\", \"app.kubernetes.io/instance\":\"cert-manager\", \"app.kubernetes.io/managed-by\":\"Helm\", \"app.kubernetes.io/name\":\"startupapicheck\", \"app.kubernetes.io/version\":\"v1.5.0\", \"helm.sh/chart\":\"cert-manager-v1.5.0\"}: `selector` does not match template `labels`, spec.selector: Invalid value: \"null\": field is immutable, spec.template: Invalid value: core.PodTemplateSpec{ObjectMeta:v1.ObjectMeta{Name:\"\", GenerateName:\"\", Namespace:\"\", SelfLink:\"\", UID:\"\", ResourceVersion:\"\", Generation:0, CreationTimestamp:time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC), DeletionTimestamp:<nil>, DeletionGracePeriodSeconds:(*int64)(nil), Labels:map[string]string{\"app\":\"startupapicheck\", \"app.kubernetes.io/component\":\"startupapicheck\", \"app.kubernetes.io/instance\":\"cert-manager\", \"app.kubernetes.io/managed-by\":\"Helm\", \"app.kubernetes.io/name\":\"startupapicheck\", \"app.kubernetes.io/version\":\"v1.5.0\", \"helm.sh/chart\":\"cert-manager-v1.5.0\"}, Annotations:map[string]string(nil), OwnerReferences:[]v1.OwnerReference(nil), Finalizers:[]string(nil), ClusterName:\"\", ManagedFields:[]v1.ManagedFieldsEntry(nil)}, Spec:core.PodSpec{Volumes:[]core.Volume(nil), InitContainers:[]core.Container(nil), Containers:[]core.Container{core.Container{Name:\"cert-manager\", Image:\"quay.io/jetstack/cert-manager-ctl:v1.5.0\", Command:[]string(nil), Args:[]string{\"check\", \"api\", \"--wait=1m\"}, WorkingDir:\"\", Ports:[]core.ContainerPort(nil), EnvFrom:[]core.EnvFromSource(nil), Env:[]core.EnvVar(nil), Resources:core.ResourceRequirements{Limits:core.ResourceList(nil), Requests:core.ResourceList(nil)}, VolumeMounts:[]core.VolumeMount(nil), VolumeDevices:[]core.VolumeDevice(nil), LivenessProbe:(*core.Probe)(nil), ReadinessProbe:(*core.Probe)(nil), StartupProbe:(*core.Probe)(nil), Lifecycle:(*core.Lifecycle)(nil), TerminationMessagePath:\"/dev/termination-log\", TerminationMessagePolicy:\"File\", ImagePullPolicy:\"IfNotPresent\", SecurityContext:(*core.SecurityContext)(nil), Stdin:false, StdinOnce:false, TTY:false}}, EphemeralContainers:[]core.EphemeralContainer(nil), RestartPolicy:\"OnFailure\", TerminationGracePeriodSeconds:(*int64)(0xc03df5dc78), ActiveDeadlineSeconds:(*int64)(nil), DNSPolicy:\"ClusterFirst\", NodeSelector:map[string]string(nil), ServiceAccountName:\"cert-manager-startupapicheck\", AutomountServiceAccountToken:(*bool)(nil), NodeName:\"\", SecurityContext:(*core.PodSecurityContext)(0xc01ef5cd80), ImagePullSecrets:[]core.LocalObjectReference(nil), Hostname:\"\", Subdomain:\"\", SetHostnameAsFQDN:(*bool)(nil), Affinity:(*core.Affinity)(nil), SchedulerName:\"default-scheduler\", Tolerations:[]core.Toleration(nil), HostAliases:[]core.HostAlias(nil), PriorityClassName:\"\", Priority:(*int32)(nil), PreemptionPolicy:(*core.PreemptionPolicy)(nil), DNSConfig:(*core.PodDNSConfig)(nil), ReadinessGates:[]core.PodReadinessGate(nil), RuntimeClassName:(*string)(nil), Overhead:core.ResourceList(nil), EnableServiceLinks:(*bool)(nil), TopologySpreadConstraints:[]core.TopologySpreadConstraint(nil)}}: field is immutable]"} 2021-12-24T08:47:31.502Z INFO preamble Controller Request {"Name": "ping-pong", "Namespace": ""}
Verified Result: The cert-manager pods and ping-pong has been created. [ocpadmin@ec2-18-217-45-133 ~]$ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.10.0-0.nightly-2022-01-05-181126 True False 33m Cluster version is 4.10.0-0.nightly-2022-01-05-181126 [ocpadmin@ec2-18-217-45-133 ~]$ oc get pods -n cert-manager NAME READY STATUS RESTARTS AGE cert-manager-5b578dc44c-6h74z 1/1 Running 0 4m1s cert-manager-cainjector-548bf687d8-f2jr4 1/1 Running 0 4m1s cert-manager-webhook-6d5cb74789-cn6w7 1/1 Running 0 4m1s [ocpadmin@ec2-18-217-45-133 ~]$ oc get pods -n ping-pong NAME READY STATUS RESTARTS AGE ping-pong-client-7fd9cc6848-6bf92 1/1 Running 0 103s ping-pong-server-7b8b5c98c4-hdqz4 1/1 Running 0 2m
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0056