Bug 2073945 - APIRemovedInNextEUSReleaseInUse alert for podsecuritypolicies
Summary: APIRemovedInNextEUSReleaseInUse alert for podsecuritypolicies
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Insights Operator
Version: 4.11
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: medium
Target Milestone: ---
Target Release: 4.11.0
Assignee: Tomas Remes
QA Contact: Joao Fula
URL:
Whiteboard:
Depends On:
Blocks: 2079318
 
Reported: 2022-04-11 08:22 UTC by Junqi Zhao
Modified: 2022-08-10 11:05 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-08-10 11:05:44 UTC
Target Upstream Version:
Embargoed:


Attachments
APIRemovedInNextEUSReleaseInUse alert for podsecuritypolicies (130.71 KB, image/png)
2022-04-11 08:22 UTC, Junqi Zhao


Links
System ID Private Priority Status Summary Last Updated
Github openshift insights-operator pull 608 0 None open Bug 2073945: Remove PSP gatherer 2022-04-12 06:07:57 UTC
Red Hat Product Errata RHSA-2022:5069 0 None None None 2022-08-10 11:05:58 UTC

Description Junqi Zhao 2022-04-11 08:22:59 UTC
Created attachment 1871722
APIRemovedInNextEUSReleaseInUse alert for podsecuritypolicies

Description of problem:
APIRemovedInNextEUSReleaseInUse alert fired for podsecuritypolicies, which use the v1beta1 version.

Alert detail:
        - alert: APIRemovedInNextEUSReleaseInUse
          annotations:
            description: Deprecated API that will be removed in the next EUS version is
              being used. Removing the workload that is using the {{ $labels.group }}.{{
              $labels.version }}/{{ $labels.resource }} API might be necessary for a successful
              upgrade to the next EUS cluster version. Refer to `oc get apirequestcounts
              {{ $labels.resource }}.{{ $labels.version }}.{{ $labels.group }} -o yaml`
              to identify the workload.
            summary: Deprecated API that will be removed in the next EUS version is being
              used.
          expr: |
            group(apiserver_requested_deprecated_apis{removed_release=~"1\\.2[45]"}) by (group,version,resource) and (sum by(group,version,resource) (rate(apiserver_request_total{system_client!="kube-controller-manager",system_client!="cluster-policy-controller"}[4h]))) > 0
          for: 1h
          labels:
            namespace: openshift-kube-apiserver
            severity: info


# oc get podsecuritypolicies
Warning: policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+

# oc explain podsecuritypolicies
KIND:     PodSecurityPolicy
VERSION:  policy/v1beta1

Checked from apirequestcounts: openshift-insights used podsecuritypolicies.v1beta1.policy
# oc get apirequestcounts podsecuritypolicies.v1beta1.policy -o yaml
apiVersion: apiserver.openshift.io/v1
kind: APIRequestCount
metadata:
  creationTimestamp: "2022-04-10T23:16:33Z"
  generation: 1
  name: podsecuritypolicies.v1beta1.policy
  resourceVersion: "215542"
  uid: 713287b4-f4c9-4a27-bed1-c1aee0451e91
spec:
  numberOfUsersToReport: 10
status:
  currentHour:
    byNode:
    - byUser:
      - byVerb:
        - requestCount: 1
          verb: list
        requestCount: 1
        userAgent: oc/4.10.0
        username: system:admin
      nodeName: 10.0.149.240
      requestCount: 1
    - byUser:
      - byVerb:
        - requestCount: 1
          verb: watch
        requestCount: 1
        userAgent: kube-controller-manager/v1.23.3+37c5e75
        username: system:kube-controller-manager
      nodeName: 10.0.162.193
      requestCount: 1
    - nodeName: 10.0.204.228
      requestCount: 0
    requestCount: 2
  last24h:
  - byNode:
    - byUser:
      - byVerb:
        - requestCount: 9
          verb: watch
        requestCount: 9
        userAgent: kube-controller-manager/v1.23.3+37c5e75
        username: system:kube-controller-manager
      nodeName: 10.0.149.240
      requestCount: 9
    - nodeName: 10.0.162.193
      requestCount: 0
    - nodeName: 10.0.204.228
      requestCount: 0
    requestCount: 9
  - byNode:
    - byUser:
      - byVerb:
        - requestCount: 7
          verb: watch
        requestCount: 7
        userAgent: kube-controller-manager/v1.23.3+37c5e75
        username: system:kube-controller-manager
      - byVerb:
        - requestCount: 1
          verb: list
        requestCount: 1
        userAgent: insights-operator/v0.0.0
        username: system:serviceaccount:openshift-insights:gather
      nodeName: 10.0.149.240
      requestCount: 8
    - nodeName: 10.0.162.193
      requestCount: 0
    - nodeName: 10.0.204.228
      requestCount: 0
    requestCount: 8
  - byNode:
    - byUser:
      - byVerb:
        - requestCount: 8
          verb: watch
        requestCount: 8
        userAgent: kube-controller-manager/v1.23.3+37c5e75
        username: system:kube-controller-manager
      nodeName: 10.0.149.240
      requestCount: 8
    - nodeName: 10.0.162.193
      requestCount: 0
    - nodeName: 10.0.204.228
      requestCount: 0
    requestCount: 8
  - byNode:
    - byUser:
      - byVerb:
        - requestCount: 8
          verb: watch
        requestCount: 8
        userAgent: kube-controller-manager/v1.23.3+37c5e75
        username: system:kube-controller-manager
      nodeName: 10.0.149.240
      requestCount: 8
    - nodeName: 10.0.162.193
      requestCount: 0
    - byUser:
      - byVerb:
        - requestCount: 1
          verb: list
        requestCount: 1
        userAgent: insights-operator/v0.0.0
        username: system:serviceaccount:openshift-insights:gather
      nodeName: 10.0.204.228
      requestCount: 1
    requestCount: 9
  - byNode:
    - byUser:
      - byVerb:
        - requestCount: 8
          verb: watch
        requestCount: 8
        userAgent: kube-controller-manager/v1.23.3+37c5e75
        username: system:kube-controller-manager
      nodeName: 10.0.149.240
      requestCount: 8
    - nodeName: 10.0.162.193
      requestCount: 0
    - nodeName: 10.0.204.228
      requestCount: 0
    requestCount: 8
  - byNode:
    - byUser:
      - byVerb:
        - requestCount: 2
          verb: watch
        requestCount: 2
        userAgent: kube-controller-manager/v1.23.3+37c5e75
        username: system:kube-controller-manager
      - byVerb:
        - requestCount: 1
          verb: list
        requestCount: 1
        userAgent: insights-operator/v0.0.0
        username: system:serviceaccount:openshift-insights:gather
      nodeName: 10.0.149.240
      requestCount: 3
    - byUser:
      - byVerb:
        - requestCount: 5
          verb: watch
        requestCount: 5
        userAgent: kube-controller-manager/v1.23.3+37c5e75
        username: system:kube-controller-manager
      nodeName: 10.0.162.193
      requestCount: 5
    - nodeName: 10.0.204.228
      requestCount: 0
    requestCount: 8
  - byNode:
    - nodeName: 10.0.149.240
      requestCount: 0
    - byUser:
      - byVerb:
        - requestCount: 8
          verb: watch
        requestCount: 8
        userAgent: kube-controller-manager/v1.23.3+37c5e75
        username: system:kube-controller-manager
      nodeName: 10.0.162.193
      requestCount: 8
    - nodeName: 10.0.204.228
      requestCount: 0
    requestCount: 8
  - byNode:
    - nodeName: 10.0.149.240
      requestCount: 0
    - byUser:
      - byVerb:
        - requestCount: 7
          verb: watch
        requestCount: 7
        userAgent: kube-controller-manager/v1.23.3+37c5e75
        username: system:kube-controller-manager
      nodeName: 10.0.162.193
      requestCount: 7
    - byUser:
      - byVerb:
        - requestCount: 1
          verb: list
        requestCount: 1
        userAgent: insights-operator/v0.0.0
        username: system:serviceaccount:openshift-insights:gather
      - byVerb:
        - requestCount: 1
          verb: list
        requestCount: 1
        userAgent: oc/4.10.0
        username: system:admin
      nodeName: 10.0.204.228
      requestCount: 2
    requestCount: 9
  - byNode:
    - byUser:
      - byVerb:
        - requestCount: 1
          verb: list
        requestCount: 1
        userAgent: oc/4.10.0
        username: system:admin
      nodeName: 10.0.149.240
      requestCount: 1
    - byUser:
      - byVerb:
        - requestCount: 1
          verb: watch
        requestCount: 1
        userAgent: kube-controller-manager/v1.23.3+37c5e75
        username: system:kube-controller-manager
      nodeName: 10.0.162.193
      requestCount: 1
    - nodeName: 10.0.204.228
      requestCount: 0
    requestCount: 2
  - requestCount: 0
  - byNode:
    - nodeName: 10.0.149.240
      requestCount: 0
    - nodeName: 10.0.162.193
      requestCount: 0
    - nodeName: 10.0.204.228
      requestCount: 0
    - nodeName: 10.0.30.194
      requestCount: 0
    requestCount: 0
  - byNode:
    - nodeName: 10.0.149.240
      requestCount: 0
    - nodeName: 10.0.162.193
      requestCount: 0
    - nodeName: 10.0.204.228
      requestCount: 0
    - nodeName: 10.0.30.194
      requestCount: 0
    requestCount: 0
  - byNode:
    - nodeName: 10.0.149.240
      requestCount: 0
    - nodeName: 10.0.162.193
      requestCount: 0
    - nodeName: 10.0.204.228
      requestCount: 0
    - nodeName: 10.0.30.194
      requestCount: 0
    requestCount: 0
  - byNode:
    - nodeName: 10.0.149.240
      requestCount: 0
    - nodeName: 10.0.162.193
      requestCount: 0
    - nodeName: 10.0.204.228
      requestCount: 0
    - nodeName: 10.0.30.194
      requestCount: 0
    requestCount: 0
  - byNode:
    - nodeName: 10.0.149.240
      requestCount: 0
    - nodeName: 10.0.162.193
      requestCount: 0
    - nodeName: 10.0.204.228
      requestCount: 0
    - nodeName: 10.0.30.194
      requestCount: 0
    requestCount: 0
  - byNode:
    - nodeName: 10.0.149.240
      requestCount: 0
    - nodeName: 10.0.162.193
      requestCount: 0
    - nodeName: 10.0.204.228
      requestCount: 0
    - nodeName: 10.0.30.194
      requestCount: 0
    requestCount: 0
  - byNode:
    - nodeName: 10.0.149.240
      requestCount: 0
    - nodeName: 10.0.162.193
      requestCount: 0
    - nodeName: 10.0.204.228
      requestCount: 0
    - nodeName: 10.0.30.194
      requestCount: 0
    requestCount: 0
  - byNode:
    - nodeName: 10.0.149.240
      requestCount: 0
    - nodeName: 10.0.162.193
      requestCount: 0
    - nodeName: 10.0.204.228
      requestCount: 0
    - nodeName: 10.0.30.194
      requestCount: 0
    requestCount: 0
  - byNode:
    - nodeName: 10.0.149.240
      requestCount: 0
    - nodeName: 10.0.162.193
      requestCount: 0
    - nodeName: 10.0.204.228
      requestCount: 0
    - nodeName: 10.0.30.194
      requestCount: 0
    requestCount: 0
  - byNode:
    - nodeName: 10.0.149.240
      requestCount: 0
    - nodeName: 10.0.162.193
      requestCount: 0
    - nodeName: 10.0.204.228
      requestCount: 0
    - nodeName: 10.0.30.194
      requestCount: 0
    requestCount: 0
  - byNode:
    - nodeName: 10.0.149.240
      requestCount: 0
    - nodeName: 10.0.162.193
      requestCount: 0
    - nodeName: 10.0.204.228
      requestCount: 0
    - nodeName: 10.0.30.194
      requestCount: 0
    requestCount: 0
  - byNode:
    - nodeName: 10.0.149.240
      requestCount: 0
    - nodeName: 10.0.162.193
      requestCount: 0
    - nodeName: 10.0.204.228
      requestCount: 0
    - nodeName: 10.0.30.194
      requestCount: 0
    requestCount: 0
  - byNode:
    - nodeName: 10.0.149.240
      requestCount: 0
    - nodeName: 10.0.162.193
      requestCount: 0
    - nodeName: 10.0.204.228
      requestCount: 0
    - nodeName: 10.0.30.194
      requestCount: 0
    requestCount: 0
  - byNode:
    - byUser:
      - byVerb:
        - requestCount: 5
          verb: watch
        requestCount: 5
        userAgent: kube-controller-manager/v1.23.3+37c5e75
        username: system:kube-controller-manager
      nodeName: 10.0.149.240
      requestCount: 5
    - byUser:
      - byVerb:
        - requestCount: 2
          verb: list
        - requestCount: 2
          verb: watch
        requestCount: 4
        userAgent: kube-controller-manager/v1.23.3+37c5e75
        username: system:kube-controller-manager
      - byVerb:
        - requestCount: 1
          verb: list
        requestCount: 1
        userAgent: insights-operator/v0.0.0
        username: system:serviceaccount:openshift-insights:gather
      nodeName: 10.0.162.193
      requestCount: 5
    - nodeName: 10.0.204.228
      requestCount: 0
    - byUser:
      - byVerb:
        - requestCount: 1
          verb: list
        - requestCount: 1
          verb: watch
        requestCount: 2
        userAgent: kube-controller-manager/v1.23.3+37c5e75
        username: system:admin
      nodeName: 10.0.30.194
      requestCount: 2
    requestCount: 12
  removedInRelease: "1.25"
  requestCount: 81


Version-Release number of selected component (if applicable):
4.11.0-0.nightly-2022-04-08-205307

How reproducible:
always

Steps to Reproduce:
1. Go to admin console, click "Observe -> Alerting", check the alerts

Actual results:
APIRemovedInNextEUSReleaseInUse alert for podsecuritypolicies

Expected results:
no APIRemovedInNextEUSReleaseInUse alert

Additional info:

Comment 2 Joao Fula 2022-04-19 13:04:20 UTC
Verified on 4.11.0-0.ci-2022-04-19-044315.

Verification steps:
1. oc get apirequestcounts podsecuritypolicies.v1beta1.policy -o yaml | grep insights
 Command returns empty.
2. oc get apirequestcounts podsecuritypolicies.v1beta1.policy -o yaml
 Command does not return empty.
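
Added example, not part of the bug report or of any comment in it: instead of grepping the YAML for one client, the APIRequestCount status can be summed per caller so that every remaining user of the deprecated API is visible at once. The sample object is constructed in the layout of the output shown in the description; `callers` and its `ignore` parameter are this example's own names, and only `status.last24h` is counted.

```python
from collections import Counter

KCM = "system:kube-controller-manager"
GATHER = "system:serviceaccount:openshift-insights:gather"

def _user(name, agent, verb, n):
    # Helper for the constructed sample only: one byUser entry with one verb.
    return {"username": name, "userAgent": agent, "requestCount": n,
            "byVerb": [{"verb": verb, "requestCount": n}]}

# Constructed sample, shaped like `oc get apirequestcounts <name> -o json` output.
SAMPLE = {
    "kind": "APIRequestCount",
    "metadata": {"name": "podsecuritypolicies.v1beta1.policy"},
    "status": {"removedInRelease": "1.25", "last24h": [
        {"requestCount": 0},  # an hour entry with no byNode key at all
        {"requestCount": 8, "byNode": [
            {"nodeName": "10.0.149.240", "requestCount": 8, "byUser": [
                _user(KCM, "kube-controller-manager/v1.23.3+37c5e75", "watch", 7),
                _user(GATHER, "insights-operator/v0.0.0", "list", 1)]},
            {"nodeName": "10.0.162.193", "requestCount": 0}]},  # idle node, no byUser
        {"requestCount": 2, "byNode": [
            {"nodeName": "10.0.204.228", "requestCount": 2, "byUser": [
                _user(GATHER, "insights-operator/v0.0.0", "list", 1),
                _user("system:admin", "oc/4.10.0", "list", 1)]}]},
    ]},
}

def callers(arc, ignore=()):
    """Sum status.last24h requests per (username, userAgent, verb)."""
    totals = Counter()
    for hour in arc.get("status", {}).get("last24h", []):
        for node in hour.get("byNode", []):        # absent when the hour is empty
            for user in node.get("byUser", []):    # absent when the node is idle
                if user.get("username") in ignore:
                    continue
                for verb in user.get("byVerb", []):
                    key = (user.get("username"), user.get("userAgent"), verb["verb"])
                    totals[key] += verb["requestCount"]
    return totals

if __name__ == "__main__":
    # Drop the controller-manager watches so the other callers stand out.
    for (name, agent, verb), n in callers(SAMPLE, ignore={KCM}).most_common():
        print(f"{n:4d}  {verb:<6} {name}  ({agent})")
```

On a live cluster the same function takes the result of `json.load` on the `-o json` output of the `oc get apirequestcounts` command used in the verification steps.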

Comment 4 errata-xmlrpc 2022-08-10 11:05:44 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:5069

