Created attachment 1871722 [details] APIRemovedInNextEUSReleaseInUse alert for podsecuritypolicies Description of problem: APIRemovedInNextEUSReleaseInUse alert fired for podsecuritypolicies which use v1beta1 version alert detail - alert: APIRemovedInNextEUSReleaseInUse annotations: description: Deprecated API that will be removed in the next EUS version is being used. Removing the workload that is using the {{ $labels.group }}.{{ $labels.version }}/{{ $labels.resource }} API might be necessary for a successful upgrade to the next EUS cluster version. Refer to `oc get apirequestcounts {{ $labels.resource }}.{{ $labels.version }}.{{ $labels.group }} -o yaml` to identify the workload. summary: Deprecated API that will be removed in the next EUS version is being used. expr: | group(apiserver_requested_deprecated_apis{removed_release=~"1\\.2[45]"}) by (group,version,resource) and (sum by(group,version,resource) (rate(apiserver_request_total{system_client!="kube-controller-manager",system_client!="cluster-policy-controller"}[4h]))) > 0 for: 1h labels: namespace: openshift-kube-apiserver severity: info # oc get podsecuritypolicies Warning: policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+ # oc explain podsecuritypolicies KIND: PodSecurityPolicy VERSION: policy/v1beta1 checked from apirequestcounts, openshift-insights used podsecuritypolicies.v1beta1.policy # oc get apirequestcounts podsecuritypolicies.v1beta1.policy -o yaml apiVersion: apiserver.openshift.io/v1 kind: APIRequestCount metadata: creationTimestamp: "2022-04-10T23:16:33Z" generation: 1 name: podsecuritypolicies.v1beta1.policy resourceVersion: "215542" uid: 713287b4-f4c9-4a27-bed1-c1aee0451e91 spec: numberOfUsersToReport: 10 status: currentHour: byNode: - byUser: - byVerb: - requestCount: 1 verb: list requestCount: 1 userAgent: oc/4.10.0 username: system:admin nodeName: 10.0.149.240 requestCount: 1 - byUser: - byVerb: - requestCount: 1 verb: watch requestCount: 1 userAgent: kube-controller-manager/v1.23.3+37c5e75 username: system:kube-controller-manager nodeName: 10.0.162.193 requestCount: 1 - nodeName: 10.0.204.228 requestCount: 0 requestCount: 2 last24h: - byNode: - byUser: - byVerb: - requestCount: 9 verb: watch requestCount: 9 userAgent: kube-controller-manager/v1.23.3+37c5e75 username: system:kube-controller-manager nodeName: 10.0.149.240 requestCount: 9 - nodeName: 10.0.162.193 requestCount: 0 - nodeName: 10.0.204.228 requestCount: 0 requestCount: 9 - byNode: - byUser: - byVerb: - requestCount: 7 verb: watch requestCount: 7 userAgent: kube-controller-manager/v1.23.3+37c5e75 username: system:kube-controller-manager - byVerb: - requestCount: 1 verb: list requestCount: 1 userAgent: insights-operator/v0.0.0 username: system:serviceaccount:openshift-insights:gather nodeName: 10.0.149.240 requestCount: 8 - nodeName: 10.0.162.193 requestCount: 0 - nodeName: 10.0.204.228 requestCount: 0 requestCount: 8 - byNode: - byUser: - byVerb: - requestCount: 8 verb: watch requestCount: 8 userAgent: kube-controller-manager/v1.23.3+37c5e75 username: system:kube-controller-manager nodeName: 10.0.149.240 requestCount: 8 - nodeName: 10.0.162.193 requestCount: 0 - nodeName: 10.0.204.228 requestCount: 0 requestCount: 8 - byNode: - byUser: - byVerb: - requestCount: 8 verb: watch requestCount: 8 userAgent: kube-controller-manager/v1.23.3+37c5e75 username: system:kube-controller-manager nodeName: 10.0.149.240 requestCount: 8 - nodeName: 10.0.162.193 requestCount: 0 - byUser: - byVerb: - requestCount: 1 verb: list requestCount: 1 userAgent: insights-operator/v0.0.0 username: system:serviceaccount:openshift-insights:gather nodeName: 10.0.204.228 requestCount: 1 requestCount: 9 - byNode: - byUser: - byVerb: - requestCount: 8 verb: watch requestCount: 8 userAgent: kube-controller-manager/v1.23.3+37c5e75 username: system:kube-controller-manager nodeName: 10.0.149.240 requestCount: 8 - nodeName: 10.0.162.193 requestCount: 0 - nodeName: 10.0.204.228 requestCount: 0 requestCount: 8 - byNode: - byUser: - byVerb: - requestCount: 2 verb: watch requestCount: 2 userAgent: kube-controller-manager/v1.23.3+37c5e75 username: system:kube-controller-manager - byVerb: - requestCount: 1 verb: list requestCount: 1 userAgent: insights-operator/v0.0.0 username: system:serviceaccount:openshift-insights:gather nodeName: 10.0.149.240 requestCount: 3 - byUser: - byVerb: - requestCount: 5 verb: watch requestCount: 5 userAgent: kube-controller-manager/v1.23.3+37c5e75 username: system:kube-controller-manager nodeName: 10.0.162.193 requestCount: 5 - nodeName: 10.0.204.228 requestCount: 0 requestCount: 8 - byNode: - nodeName: 10.0.149.240 requestCount: 0 - byUser: - byVerb: - requestCount: 8 verb: watch requestCount: 8 userAgent: kube-controller-manager/v1.23.3+37c5e75 username: system:kube-controller-manager nodeName: 10.0.162.193 requestCount: 8 - nodeName: 10.0.204.228 requestCount: 0 requestCount: 8 - byNode: - nodeName: 10.0.149.240 requestCount: 0 - byUser: - byVerb: - requestCount: 7 verb: watch requestCount: 7 userAgent: kube-controller-manager/v1.23.3+37c5e75 username: system:kube-controller-manager nodeName: 10.0.162.193 requestCount: 7 - byUser: - byVerb: - requestCount: 1 verb: list requestCount: 1 userAgent: insights-operator/v0.0.0 username: system:serviceaccount:openshift-insights:gather - byVerb: - requestCount: 1 verb: list requestCount: 1 userAgent: oc/4.10.0 username: system:admin nodeName: 10.0.204.228 requestCount: 2 requestCount: 9 - byNode: - byUser: - byVerb: - requestCount: 1 verb: list requestCount: 1 userAgent: oc/4.10.0 username: system:admin nodeName: 10.0.149.240 requestCount: 1 - byUser: - byVerb: - requestCount: 1 verb: watch requestCount: 1 userAgent: kube-controller-manager/v1.23.3+37c5e75 username: system:kube-controller-manager nodeName: 10.0.162.193 requestCount: 1 - nodeName: 10.0.204.228 requestCount: 0 requestCount: 2 - requestCount: 0 - byNode: - nodeName: 10.0.149.240 requestCount: 0 - nodeName: 10.0.162.193 requestCount: 0 - nodeName: 10.0.204.228 requestCount: 0 - nodeName: 10.0.30.194 requestCount: 0 requestCount: 0 - byNode: - nodeName: 10.0.149.240 requestCount: 0 - nodeName: 10.0.162.193 requestCount: 0 - nodeName: 10.0.204.228 requestCount: 0 - nodeName: 10.0.30.194 requestCount: 0 requestCount: 0 - byNode: - nodeName: 10.0.149.240 requestCount: 0 - nodeName: 10.0.162.193 requestCount: 0 - nodeName: 10.0.204.228 requestCount: 0 - nodeName: 10.0.30.194 requestCount: 0 requestCount: 0 - byNode: - nodeName: 10.0.149.240 requestCount: 0 - nodeName: 10.0.162.193 requestCount: 0 - nodeName: 10.0.204.228 requestCount: 0 - nodeName: 10.0.30.194 requestCount: 0 requestCount: 0 - byNode: - nodeName: 10.0.149.240 requestCount: 0 - nodeName: 10.0.162.193 requestCount: 0 - nodeName: 10.0.204.228 requestCount: 0 - nodeName: 10.0.30.194 requestCount: 0 requestCount: 0 - byNode: - nodeName: 10.0.149.240 requestCount: 0 - nodeName: 10.0.162.193 requestCount: 0 - nodeName: 10.0.204.228 requestCount: 0 - nodeName: 10.0.30.194 requestCount: 0 requestCount: 0 - byNode: - nodeName: 10.0.149.240 requestCount: 0 - nodeName: 10.0.162.193 requestCount: 0 - nodeName: 10.0.204.228 requestCount: 0 - nodeName: 10.0.30.194 requestCount: 0 requestCount: 0 - byNode: - nodeName: 10.0.149.240 requestCount: 0 - nodeName: 10.0.162.193 requestCount: 0 - nodeName: 10.0.204.228 requestCount: 0 - nodeName: 10.0.30.194 requestCount: 0 requestCount: 0 - byNode: - nodeName: 10.0.149.240 requestCount: 0 - nodeName: 10.0.162.193 requestCount: 0 - nodeName: 10.0.204.228 requestCount: 0 - nodeName: 10.0.30.194 requestCount: 0 requestCount: 0 - byNode: - nodeName: 10.0.149.240 requestCount: 0 - nodeName: 10.0.162.193 requestCount: 0 - nodeName: 10.0.204.228 requestCount: 0 - nodeName: 10.0.30.194 requestCount: 0 requestCount: 0 - byNode: - nodeName: 10.0.149.240 requestCount: 0 - nodeName: 10.0.162.193 requestCount: 0 - nodeName: 10.0.204.228 requestCount: 0 - nodeName: 10.0.30.194 requestCount: 0 requestCount: 0 - byNode: - nodeName: 10.0.149.240 requestCount: 0 - nodeName: 10.0.162.193 requestCount: 0 - nodeName: 10.0.204.228 requestCount: 0 - nodeName: 10.0.30.194 requestCount: 0 requestCount: 0 - byNode: - nodeName: 10.0.149.240 requestCount: 0 - nodeName: 10.0.162.193 requestCount: 0 - nodeName: 10.0.204.228 requestCount: 0 - nodeName: 10.0.30.194 requestCount: 0 requestCount: 0 - byNode: - byUser: - byVerb: - requestCount: 5 verb: watch requestCount: 5 userAgent: kube-controller-manager/v1.23.3+37c5e75 username: system:kube-controller-manager nodeName: 10.0.149.240 requestCount: 5 - byUser: - byVerb: - requestCount: 2 verb: list - requestCount: 2 verb: watch requestCount: 4 userAgent: kube-controller-manager/v1.23.3+37c5e75 username: system:kube-controller-manager - byVerb: - requestCount: 1 verb: list requestCount: 1 userAgent: insights-operator/v0.0.0 username: system:serviceaccount:openshift-insights:gather nodeName: 10.0.162.193 requestCount: 5 - nodeName: 10.0.204.228 requestCount: 0 - byUser: - byVerb: - requestCount: 1 verb: list - requestCount: 1 verb: watch requestCount: 2 userAgent: kube-controller-manager/v1.23.3+37c5e75 username: system:admin nodeName: 10.0.30.194 requestCount: 2 requestCount: 12 removedInRelease: "1.25" requestCount: 81 Version-Release number of selected component (if applicable): 4.11.0-0.nightly-2022-04-08-205307 How reproducible: always Steps to Reproduce: 1. Go to admin console, click "Observe -> Alerting", check the alerts 2. 3. Actual results: APIRemovedInNextEUSReleaseInUse alert for podsecuritypolicies Expected results: no APIRemovedInNextEUSReleaseInUse alert Additional info:
Verified on 4.11.0-0.ci-2022-04-19-044315. Verification steps: 1. oc get apirequestcounts podsecuritypolicies.v1beta1.policy -o yaml | grep insights Command returns empty. 2. oc get apirequestcounts podsecuritypolicies.v1beta1.policy -o yaml Command does not return empty.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:5069