Description of problem: metrics for security profiles operator could not show on GUI due to "no endpoints" Version-Release number of selected component (if applicable): 4.11.0-0.nightly-2022-05-11-054135 + security-profiles-operator-bundle-container-0.4.3-23 How reproducible: Always Steps to Reproduce: 1. enable user workload by below command: $ oc create -f -<<EOF apiVersion: v1 kind: ConfigMap metadata: name: cluster-monitoring-config namespace: openshift-monitoring data: config.yaml: | enableUserWorkload: true EOF configmap/cluster-monitoring-config created 2. install SPO and create a seccomp profile 3. check metrics `security_profiles_operator_seccomp_profile_total` on GUI Actual results: check the metrics `security_profiles_operator_seccomp_profile_total` on GUI, it will fail due to "no endpoints" Expected results: check the metrics `security_profiles_operator_seccomp_profile_total` on GUI, it should show. Additional info: 1. if install SPO first, then enable workload, the issue won't reproduce. 2. It may related with the null selector in service monitor. Add below selector manually, the metrics show as expected: selector: matchLabels: app: security-profiles-operator
This is fixed upstream now. Will sync the sources and rebuild in OCP by tomorrow.
It should work in some previous build. But it still does not work with 4.13.0-0.nightly-2022-12-05-155739 + security-profiles-operator-bundle-container-0.5.0-39.
Additional fix should be present in bundle -58.
Verification pass with 4.13.0-0.nightly-2022-12-20-174734 + security-profiles-operator-bundle-container-0.5.0-62 1. Install SPO, trigger seccompprofile recording and selinuxprofile recording. Then Click Observe > Metrics on GUI, run query "security_profiles_operator_seccomp_profile_total" and "security_profiles_operator_selinux_profile_total", it displayed value as expected. No "no endpoints" displayed. 2. Create a seccompprofile in openshift-security-profiles ns, $ oc project openshift-security-profiles Now using project "openshift-security-profiles" on server "https://api.xiyuan21-1.qe.devcluster.openshift.com:6443". $ cat sleep_sh_pod_p.yaml apiVersion: security-profiles-operator.x-k8s.io/v1beta1 kind: SeccompProfile metadata: name: sleep-sh-pod spec: defaultAction: SCMP_ACT_ERRNO architectures: - SCMP_ARCH_X86_64 syscalls: - action: SCMP_ACT_ALLOW names: - arch_prctl - brk - capget - capset - chdir - clone - close - dup3 - epoll_ctl - epoll_pwait - execve - exit_group - fchdir - fchown - fcntl - fstat - fstatfs - futex - getcwd - getdents64 - getpid - getppid - getuid - ioctl - lseek - mmap - mount - mprotect - nanosleep - newfstatat - open - openat - pivot_root - prctl - read - rt_sigaction - rt_sigprocmask - rt_sigreturn - set_tid_address - setgid - setgroups - sethostname - setuid - stat - statfs - tgkill - time - umask - umount2 - wait4 - write $ oc apply -f sleep_sh_pod_p.yaml seccompprofile.security-profiles-operator.x-k8s.io/sleep-sh-pod created Click Observe > Metrics on GUI, run query "security_profiles_operator_seccomp_profile_total" and "security_profiles_operator_selinux_profile_total", the value increased by 1.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Security Profiles Operator release), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:8762