2118627 – [Tracker for BZ #2240024] [RDR] rbd-mirror daemon health is in warning though connectivity between both the managed clusters is fine

Bug 2118627 - [Tracker for BZ #2240024] [RDR] rbd-mirror daemon health is in warning though connectivity between both the managed clusters is fine

Summary: [Tracker for BZ #2240024] [RDR] rbd-mirror daemon health is in warning though...

Keywords:
Status:	ASSIGNED
Alias:	None
Product:	Red Hat OpenShift Data Foundation
Classification:	Red Hat Storage
Component:	ceph
Sub Component:
Version:	4.11
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	---
Assignee:	Juan Miguel Olmo
QA Contact:	Aman Agrawal
Docs Contact:
URL:
Whiteboard:
Depends On:	2240024
Blocks:	2119049
TreeView+	depends on / blocked

Reported:	2022-08-16 09:59 UTC by Aman Agrawal
Modified:	2024-09-10 11:43 UTC (History)
CC List:	12 users (show)
Fixed In Version:	4.15.0-52
Doc Type:	No Doc Update
Doc Text:
Clone Of:
Clones:	2119049 2141003 (view as bug list)
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Aman Agrawal 2022-08-16 09:59:08 UTC

Description of problem (please be detailed as possible and provide log
snippests):

It's a newly deployed cluster where busybox-workloads-1,2,3&6 are running on C1 and busybox-workloads4&5 are running on C2 for 3+ days.

No failover/relocate operation has been performed yet. 


Version of all relevant components (if applicable):

[amagrawa@amagrawa ~]$ oc version
Client Version: 4.8.0-0.nightly-2021-05-08-132247
Server Version: 4.11.0-0.nightly-2022-08-04-081314
Kubernetes Version: v1.24.0+9546431

ODF 4.11.0-133

sh-4.4$ ceph -v
ceph version 16.2.8-84.el8cp (c2980f2fd700e979d41b4bad2939bb90f0fe435c) pacific (stable)

ACM 2.5.2


Does this issue impact your ability to continue to work with the product
(please explain in detail what is the user impact)?

Yes, failover/relocate operations can not be performed


Is there any workaround available to the best of your knowledge? No


Rate from 1 - 5 the complexity of the scenario you performed that caused this
bug (1 - very simple, 5 - very complex)?


Can this issue reproducible?


Can this issue reproduce from the UI?


If this is a regression, please provide more details to justify this:


Steps to Reproduce:
1. Deploy a RDR setup with latency of 150ms
2. Run the workloads for 3-4 days
3. Check the mirroringstatus on both the managed clusters and also verify the submariner connectivity between the managed clusters (which should be fine).


Actual results: Daemon health is in warning though connectivity between both the managed clusters is fine

C1-

[amagrawa@amagrawa ~]$ subctl show connections
Cluster "api-amagrawa-c1-qe-rh-ocs-com:6443"
 ✓ Showing Connections 
GATEWAY    CLUSTER      REMOTE IP    NAT  CABLE DRIVER  SUBNETS                       STATUS     RTT avg.      
compute-1  amagrawa-c2  10.1.160.81  no   libreswan     172.30.0.0/16, 10.128.0.0/14  connected  150.465665ms  

Cluster "amagrawa-c1"
 ✓ Showing Connections 
GATEWAY    CLUSTER      REMOTE IP    NAT  CABLE DRIVER  SUBNETS                       STATUS     RTT avg.      
compute-1  amagrawa-c2  10.1.160.81  no   libreswan     172.30.0.0/16, 10.128.0.0/14  connected  150.465665ms  

[amagrawa@amagrawa ~]$ oc get pods -n submariner-operator 
NAME                                             READY   STATUS    RESTARTS   AGE
my-catalog-source-ctn9h                          1/1     Running   0          17h
submariner-addon-545b6dd7fd-kvdss                1/1     Running   0          148m
submariner-gateway-vx76m                         1/1     Running   0          148m
submariner-lighthouse-agent-866c47c9bf-j9v2c     1/1     Running   0          148m
submariner-lighthouse-coredns-64c6b6f674-4655r   1/1     Running   0          148m
submariner-lighthouse-coredns-64c6b6f674-mtdzr   1/1     Running   0          148m
submariner-operator-7b69f86c9d-frl4l             1/1     Running   0          148m
submariner-routeagent-5mw2l                      1/1     Running   0          148m
submariner-routeagent-7kvgq                      1/1     Running   0          148m
submariner-routeagent-86zqm                      1/1     Running   0          148m
submariner-routeagent-dlfb7                      1/1     Running   0          148m
submariner-routeagent-q9klc                      1/1     Running   0          148m
submariner-routeagent-sn5zp                      1/1     Running   0          148m


[amagrawa@amagrawa ~]$ subctl verify --only connectivity ~/Downloads/Kubeconfig/dr-c1/kubeconfig  ~/Downloads/Kubeconfig/dr-c2/kubeconfig
subctl verify with kubeconfig arguments is deprecated, please use --kubecontexts instead
Performing the following verifications: connectivity
Running Suite: Submariner E2E suite
===================================
Random Seed: 1660643181
Will run 22 of 41 specs

SSSSSSSS
------------------------------
S [SKIPPING] [1.502 seconds]
[dataplane-globalnet] Basic TCP connectivity tests across overlapping clusters without discovery
github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:28
  when a pod connects via TCP to the globalIP of a remote service
  github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:58
    when the pod is not on a gateway and the remote service is not on a gateway
    github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:65
      should have sent the expected data from the pod to the other pod [It]
      github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:35

      Aug 16 15:16:37.588: Globalnet is not enabled, skipping the test...

      github.com/submariner-io/shipyard.1/test/e2e/framework/logging.go:60
------------------------------
S [SKIPPING] [2.485 seconds]
[dataplane-globalnet] Basic TCP connectivity tests across overlapping clusters without discovery
github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:28
  when a pod connects via TCP to the globalIP of a remote service
  github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:58
    when the pod is on a gateway and the remote service is not on a gateway
    github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:69
      should have sent the expected data from the pod to the other pod [It]
      github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:35

      Aug 16 15:16:39.983: Globalnet is not enabled, skipping the test...

      github.com/submariner-io/shipyard.1/test/e2e/framework/logging.go:60
------------------------------
S [SKIPPING] [1.713 seconds]
[dataplane-globalnet] Basic TCP connectivity tests across overlapping clusters without discovery
github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:28
  when a pod connects via TCP to the globalIP of a remote service
  github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:58
    when the pod is on a gateway and the remote service is on a gateway
    github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:73
      should have sent the expected data from the pod to the other pod [It]
      github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:35

      Aug 16 15:16:41.580: Globalnet is not enabled, skipping the test...

      github.com/submariner-io/shipyard.1/test/e2e/framework/logging.go:60
------------------------------
S [SKIPPING] [1.575 seconds]
[dataplane-globalnet] Basic TCP connectivity tests across overlapping clusters without discovery
github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:28
  when a pod matching an egress IP namespace selector connects via TCP to the globalIP of a remote service
  github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:78
    when the pod is not on a gateway and the remote service is not on a gateway
    github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:85
      should have sent the expected data from the pod to the other pod [It]
      github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:35

      Aug 16 15:16:43.350: Globalnet is not enabled, skipping the test...

      github.com/submariner-io/shipyard.1/test/e2e/framework/logging.go:60
------------------------------
S [SKIPPING] [1.583 seconds]
[dataplane-globalnet] Basic TCP connectivity tests across overlapping clusters without discovery
github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:28
  when a pod matching an egress IP namespace selector connects via TCP to the globalIP of a remote service
  github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:78
    when the pod is on a gateway and the remote service is on a gateway
    github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:89
      should have sent the expected data from the pod to the other pod [It]
      github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:35

      Aug 16 15:16:44.900: Globalnet is not enabled, skipping the test...

      github.com/submariner-io/shipyard.1/test/e2e/framework/logging.go:60
------------------------------
S [SKIPPING] [1.948 seconds]
[dataplane-globalnet] Basic TCP connectivity tests across overlapping clusters without discovery
github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:28
  when a pod matching an egress IP pod selector connects via TCP to the globalIP of a remote service
  github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:94
    when the pod is not on a gateway and the remote service is not on a gateway
    github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:101
      should have sent the expected data from the pod to the other pod [It]
      github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:35

      Aug 16 15:16:46.583: Globalnet is not enabled, skipping the test...

      github.com/submariner-io/shipyard.1/test/e2e/framework/logging.go:60
------------------------------
S [SKIPPING] [1.904 seconds]
[dataplane-globalnet] Basic TCP connectivity tests across overlapping clusters without discovery
github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:28
  when a pod matching an egress IP pod selector connects via TCP to the globalIP of a remote service
  github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:94
    when the pod is on a gateway and the remote service is on a gateway
    github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:105
      should have sent the expected data from the pod to the other pod [It]
      github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:35

      Aug 16 15:16:48.734: Globalnet is not enabled, skipping the test...

      github.com/submariner-io/shipyard.1/test/e2e/framework/logging.go:60
------------------------------
S [SKIPPING] [1.477 seconds]
[dataplane-globalnet] Basic TCP connectivity tests across overlapping clusters without discovery
github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:28
  when a pod with HostNetworking connects via TCP to the globalIP of a remote service
  github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:110
    when the pod is not on a gateway and the remote service is not on a gateway
    github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:117
      should have sent the expected data from the pod to the other pod [It]
      github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:35

      Aug 16 15:16:50.267: Globalnet is not enabled, skipping the test...

      github.com/submariner-io/shipyard.1/test/e2e/framework/logging.go:60
------------------------------
S [SKIPPING] [1.575 seconds]
[dataplane-globalnet] Basic TCP connectivity tests across overlapping clusters without discovery
github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:28
  when a pod with HostNetworking connects via TCP to the globalIP of a remote service
  github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:110
    when the pod is on a gateway and the remote service is not on a gateway
    github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:121
      should have sent the expected data from the pod to the other pod [It]
      github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:35

      Aug 16 15:16:51.778: Globalnet is not enabled, skipping the test...

      github.com/submariner-io/shipyard.1/test/e2e/framework/logging.go:60
------------------------------
S [SKIPPING] [1.529 seconds]
[dataplane-globalnet] Basic TCP connectivity tests across overlapping clusters without discovery
github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:28
  when a pod connects via TCP to the globalIP of a remote headless service
  github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:126
    when the pod is not on a gateway and the remote service is not on a gateway
    github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:133
      should have sent the expected data from the pod to the other pod [It]
      github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:35

      Aug 16 15:16:53.353: Globalnet is not enabled, skipping the test...

      github.com/submariner-io/shipyard.1/test/e2e/framework/logging.go:60
------------------------------
S [SKIPPING] [1.540 seconds]
[dataplane-globalnet] Basic TCP connectivity tests across overlapping clusters without discovery
github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:28
  when a pod connects via TCP to the globalIP of a remote headless service
  github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:126
    when the pod is on a gateway and the remote service is on a gateway
    github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:137
      should have sent the expected data from the pod to the other pod [It]
      github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:35

      Aug 16 15:16:54.869: Globalnet is not enabled, skipping the test...

      github.com/submariner-io/shipyard.1/test/e2e/framework/logging.go:60
------------------------------
•W0816 15:16:59.051908   33581 warnings.go:67] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "tcp-check-listener" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "tcp-check-listener" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "tcp-check-listener" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "tcp-check-listener" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
W0816 15:17:05.277481   33581 warnings.go:67] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "tcp-check-connector" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "tcp-check-connector" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "tcp-check-connector" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "tcp-check-connector" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
•W0816 15:17:18.232261   33581 warnings.go:67] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "tcp-check-listener" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "tcp-check-listener" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "tcp-check-listener" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "tcp-check-listener" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
W0816 15:17:24.379390   33581 warnings.go:67] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "tcp-check-connector" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "tcp-check-connector" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "tcp-check-connector" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "tcp-check-connector" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
•W0816 15:17:37.413467   33581 warnings.go:67] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "tcp-check-listener" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "tcp-check-listener" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "tcp-check-listener" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "tcp-check-listener" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
W0816 15:17:43.574095   33581 warnings.go:67] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "tcp-check-connector" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "tcp-check-connector" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "tcp-check-connector" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "tcp-check-connector" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
•W0816 15:17:56.785000   33581 warnings.go:67] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "tcp-check-listener" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "tcp-check-listener" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "tcp-check-listener" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "tcp-check-listener" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
W0816 15:18:02.908399   33581 warnings.go:67] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "tcp-check-connector" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "tcp-check-connector" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "tcp-check-connector" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "tcp-check-connector" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
•W0816 15:18:15.878526   33581 warnings.go:67] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "tcp-check-listener" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "tcp-check-listener" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "tcp-check-listener" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "tcp-check-listener" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
W0816 15:18:22.378840   33581 warnings.go:67] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "tcp-check-connector" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "tcp-check-connector" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "tcp-check-connector" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "tcp-check-connector" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
•W0816 15:18:35.345449   33581 warnings.go:67] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "tcp-check-listener" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "tcp-check-listener" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "tcp-check-listener" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "tcp-check-listener" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
W0816 15:18:41.818716   33581 warnings.go:67] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "tcp-check-connector" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "tcp-check-connector" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "tcp-check-connector" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "tcp-check-connector" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
•W0816 15:18:54.844350   33581 warnings.go:67] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "tcp-check-listener" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "tcp-check-listener" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "tcp-check-listener" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "tcp-check-listener" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
W0816 15:19:01.370299   33581 warnings.go:67] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "tcp-check-connector" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "tcp-check-connector" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "tcp-check-connector" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "tcp-check-connector" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
•W0816 15:19:14.337468   33581 warnings.go:67] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "tcp-check-listener" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "tcp-check-listener" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "tcp-check-listener" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "tcp-check-listener" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
W0816 15:19:20.811399   33581 warnings.go:67] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "tcp-check-connector" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "tcp-check-connector" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "tcp-check-connector" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "tcp-check-connector" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
•W0816 15:19:33.877162   33581 warnings.go:67] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "tcp-check-listener" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "tcp-check-listener" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "tcp-check-listener" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "tcp-check-listener" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
W0816 15:19:40.567481   33581 warnings.go:67] would violate PodSecurity "restricted:v1.24": host namespaces (hostNetwork=true), allowPrivilegeEscalation != false (container "tcp-check-connector" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "tcp-check-connector" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "tcp-check-connector" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "tcp-check-connector" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
•W0816 15:19:50.122595   33581 warnings.go:67] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "tcp-check-listener" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "tcp-check-listener" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "tcp-check-listener" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "tcp-check-listener" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
W0816 15:19:56.406311   33581 warnings.go:67] would violate PodSecurity "restricted:v1.24": host namespaces (hostNetwork=true), allowPrivilegeEscalation != false (container "tcp-check-connector" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "tcp-check-connector" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "tcp-check-connector" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "tcp-check-connector" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
•SSSSSSSSSSS
Ran 11 of 41 Specs in 228.417 seconds
SUCCESS! -- 11 Passed | 0 Failed | 0 Pending | 30 Skipped



C2-

[amagrawa@amagrawa ~]$ subctl show connections
Cluster "amagrawa-c2"
 ✓ Showing Connections 
GATEWAY    CLUSTER      REMOTE IP     NAT  CABLE DRIVER  SUBNETS                       STATUS     RTT avg.      
compute-1  amagrawa-c1  10.1.160.105  no   libreswan     172.31.0.0/16, 10.132.0.0/14  connected  150.482377ms  

Cluster "api-amagrawa-c2-qe-rh-ocs-com:6443"
 ✓ Showing Connections 
GATEWAY    CLUSTER      REMOTE IP     NAT  CABLE DRIVER  SUBNETS                       STATUS     RTT avg.      
compute-1  amagrawa-c1  10.1.160.105  no   libreswan     172.31.0.0/16, 10.132.0.0/14  connected  150.482471ms  

[amagrawa@amagrawa ~]$ oc get pods -n submariner-operator
NAME                                             READY   STATUS    RESTARTS   AGE
my-catalog-source-bd52h                          1/1     Running   0          4d
submariner-addon-fdb797d77-74x4q                 1/1     Running   0          148m
submariner-gateway-psc5k                         1/1     Running   0          148m
submariner-lighthouse-agent-86b9fb55fb-x5wsp     1/1     Running   0          148m
submariner-lighthouse-coredns-647c59b579-dhqt8   1/1     Running   0          148m
submariner-lighthouse-coredns-647c59b579-z98fz   1/1     Running   0          148m
submariner-operator-7b69f86c9d-jf2wk             1/1     Running   0          148m
submariner-routeagent-8qlqn                      1/1     Running   0          148m
submariner-routeagent-gbf59                      1/1     Running   0          148m
submariner-routeagent-jlbqj                      1/1     Running   0          148m
submariner-routeagent-sdvlt                      1/1     Running   0          148m
submariner-routeagent-xlxps                      1/1     Running   0          148m
submariner-routeagent-zj59q                      1/1     Running   0          148m


[amagrawa@amagrawa ~]$ subctl verify --only connectivity ~/Downloads/Kubeconfig/dr-c2/kubeconfig  ~/Downloads/Kubeconfig/dr-c1/kubeconfig
subctl verify with kubeconfig arguments is deprecated, please use --kubecontexts instead
Performing the following verifications: connectivity
Running Suite: Submariner E2E suite
===================================
Random Seed: 1660643188
Will run 22 of 41 specs

S [SKIPPING] [1.850 seconds]
[dataplane-globalnet] Basic TCP connectivity tests across overlapping clusters without discovery
github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:28
  when a pod connects via TCP to the globalIP of a remote service
  github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:58
    when the pod is not on a gateway and the remote service is not on a gateway
    github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:65
      should have sent the expected data from the pod to the other pod [It]
      github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:35

      Aug 16 15:16:47.177: Globalnet is not enabled, skipping the test...

      github.com/submariner-io/shipyard.1/test/e2e/framework/logging.go:60
------------------------------
S [SKIPPING] [1.594 seconds]
[dataplane-globalnet] Basic TCP connectivity tests across overlapping clusters without discovery
github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:28
  when a pod connects via TCP to the globalIP of a remote service
  github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:58
    when the pod is on a gateway and the remote service is not on a gateway
    github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:69
      should have sent the expected data from the pod to the other pod [It]
      github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:35

      Aug 16 15:16:49.127: Globalnet is not enabled, skipping the test...

      github.com/submariner-io/shipyard.1/test/e2e/framework/logging.go:60
------------------------------
S [SKIPPING] [1.476 seconds]
[dataplane-globalnet] Basic TCP connectivity tests across overlapping clusters without discovery
github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:28
  when a pod connects via TCP to the globalIP of a remote service
  github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:58
    when the pod is on a gateway and the remote service is on a gateway
    github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:73
      should have sent the expected data from the pod to the other pod [It]
      github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:35

      Aug 16 15:16:50.622: Globalnet is not enabled, skipping the test...

      github.com/submariner-io/shipyard.1/test/e2e/framework/logging.go:60
------------------------------
S [SKIPPING] [1.636 seconds]
[dataplane-globalnet] Basic TCP connectivity tests across overlapping clusters without discovery
github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:28
  when a pod matching an egress IP namespace selector connects via TCP to the globalIP of a remote service
  github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:78
    when the pod is not on a gateway and the remote service is not on a gateway
    github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:85
      should have sent the expected data from the pod to the other pod [It]
      github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:35

      Aug 16 15:16:52.136: Globalnet is not enabled, skipping the test...

      github.com/submariner-io/shipyard.1/test/e2e/framework/logging.go:60
------------------------------
S [SKIPPING] [1.528 seconds]
[dataplane-globalnet] Basic TCP connectivity tests across overlapping clusters without discovery
github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:28
  when a pod matching an egress IP namespace selector connects via TCP to the globalIP of a remote service
  github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:78
    when the pod is on a gateway and the remote service is on a gateway
    github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:89
      should have sent the expected data from the pod to the other pod [It]
      github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:35

      Aug 16 15:16:53.727: Globalnet is not enabled, skipping the test...

      github.com/submariner-io/shipyard.1/test/e2e/framework/logging.go:60
------------------------------
S [SKIPPING] [1.552 seconds]
[dataplane-globalnet] Basic TCP connectivity tests across overlapping clusters without discovery
github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:28
  when a pod matching an egress IP pod selector connects via TCP to the globalIP of a remote service
  github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:94
    when the pod is not on a gateway and the remote service is not on a gateway
    github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:101
      should have sent the expected data from the pod to the other pod [It]
      github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:35

      Aug 16 15:16:55.266: Globalnet is not enabled, skipping the test...

      github.com/submariner-io/shipyard.1/test/e2e/framework/logging.go:60
------------------------------
S [SKIPPING] [1.451 seconds]
[dataplane-globalnet] Basic TCP connectivity tests across overlapping clusters without discovery
github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:28
  when a pod matching an egress IP pod selector connects via TCP to the globalIP of a remote service
  github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:94
    when the pod is on a gateway and the remote service is on a gateway
    github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:105
      should have sent the expected data from the pod to the other pod [It]
      github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:35

      Aug 16 15:16:56.778: Globalnet is not enabled, skipping the test...

      github.com/submariner-io/shipyard.1/test/e2e/framework/logging.go:60
------------------------------
S [SKIPPING] [1.490 seconds]
[dataplane-globalnet] Basic TCP connectivity tests across overlapping clusters without discovery
github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:28
  when a pod with HostNetworking connects via TCP to the globalIP of a remote service
  github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:110
    when the pod is not on a gateway and the remote service is not on a gateway
    github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:117
      should have sent the expected data from the pod to the other pod [It]
      github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:35

      Aug 16 15:16:58.256: Globalnet is not enabled, skipping the test...

      github.com/submariner-io/shipyard.1/test/e2e/framework/logging.go:60
------------------------------
S [SKIPPING] [1.775 seconds]
[dataplane-globalnet] Basic TCP connectivity tests across overlapping clusters without discovery
github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:28
  when a pod with HostNetworking connects via TCP to the globalIP of a remote service
  github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:110
    when the pod is on a gateway and the remote service is not on a gateway
    github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:121
      should have sent the expected data from the pod to the other pod [It]
      github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:35

      Aug 16 15:16:59.785: Globalnet is not enabled, skipping the test...

      github.com/submariner-io/shipyard.1/test/e2e/framework/logging.go:60
------------------------------
S [SKIPPING] [1.479 seconds]
[dataplane-globalnet] Basic TCP connectivity tests across overlapping clusters without discovery
github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:28
  when a pod connects via TCP to the globalIP of a remote headless service
  github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:126
    when the pod is not on a gateway and the remote service is not on a gateway
    github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:133
      should have sent the expected data from the pod to the other pod [It]
      github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:35

      Aug 16 15:17:01.539: Globalnet is not enabled, skipping the test...

      github.com/submariner-io/shipyard.1/test/e2e/framework/logging.go:60
------------------------------
S [SKIPPING] [1.502 seconds]
[dataplane-globalnet] Basic TCP connectivity tests across overlapping clusters without discovery
github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:28
  when a pod connects via TCP to the globalIP of a remote headless service
  github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:126
    when the pod is on a gateway and the remote service is on a gateway
    github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:137
      should have sent the expected data from the pod to the other pod [It]
      github.com/submariner-io/submariner.1/test/e2e/dataplane/tcp_gn_pod_connectivity.go:35

      Aug 16 15:17:02.991: Globalnet is not enabled, skipping the test...

      github.com/submariner-io/shipyard.1/test/e2e/framework/logging.go:60
------------------------------
W0816 15:17:04.922783   33601 warnings.go:67] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "tcp-check-listener" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "tcp-check-listener" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "tcp-check-listener" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "tcp-check-listener" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
W0816 15:17:11.038580   33601 warnings.go:67] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "tcp-check-connector" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "tcp-check-connector" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "tcp-check-connector" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "tcp-check-connector" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
•W0816 15:17:18.951340   33601 warnings.go:67] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "tcp-check-listener" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "tcp-check-listener" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "tcp-check-listener" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "tcp-check-listener" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
W0816 15:17:25.051205   33601 warnings.go:67] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "tcp-check-connector" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "tcp-check-connector" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "tcp-check-connector" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "tcp-check-connector" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
•W0816 15:17:38.003545   33601 warnings.go:67] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "tcp-check-listener" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "tcp-check-listener" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "tcp-check-listener" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "tcp-check-listener" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
W0816 15:17:44.128352   33601 warnings.go:67] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "tcp-check-connector" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "tcp-check-connector" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "tcp-check-connector" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "tcp-check-connector" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
•W0816 15:17:57.136600   33601 warnings.go:67] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "tcp-check-listener" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "tcp-check-listener" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "tcp-check-listener" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "tcp-check-listener" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
W0816 15:18:03.238854   33601 warnings.go:67] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "tcp-check-connector" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "tcp-check-connector" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "tcp-check-connector" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "tcp-check-connector" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
•W0816 15:18:16.166258   33601 warnings.go:67] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "tcp-check-listener" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "tcp-check-listener" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "tcp-check-listener" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "tcp-check-listener" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
W0816 15:18:22.649201   33601 warnings.go:67] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "tcp-check-connector" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "tcp-check-connector" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "tcp-check-connector" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "tcp-check-connector" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
•W0816 15:18:35.560110   33601 warnings.go:67] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "tcp-check-listener" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "tcp-check-listener" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "tcp-check-listener" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "tcp-check-listener" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
W0816 15:18:42.120452   33601 warnings.go:67] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "tcp-check-connector" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "tcp-check-connector" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "tcp-check-connector" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "tcp-check-connector" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
•W0816 15:18:55.205206   33601 warnings.go:67] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "tcp-check-listener" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "tcp-check-listener" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "tcp-check-listener" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "tcp-check-listener" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
W0816 15:19:01.675255   33601 warnings.go:67] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "tcp-check-connector" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "tcp-check-connector" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "tcp-check-connector" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "tcp-check-connector" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
•W0816 15:19:14.684420   33601 warnings.go:67] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "tcp-check-listener" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "tcp-check-listener" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "tcp-check-listener" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "tcp-check-listener" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
W0816 15:19:21.174959   33601 warnings.go:67] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "tcp-check-connector" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "tcp-check-connector" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "tcp-check-connector" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "tcp-check-connector" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
•W0816 15:19:40.566759   33601 warnings.go:67] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "tcp-check-listener" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "tcp-check-listener" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "tcp-check-listener" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "tcp-check-listener" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
W0816 15:19:47.372032   33601 warnings.go:67] would violate PodSecurity "restricted:v1.24": host namespaces (hostNetwork=true), allowPrivilegeEscalation != false (container "tcp-check-connector" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "tcp-check-connector" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "tcp-check-connector" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "tcp-check-connector" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
•W0816 15:19:55.624395   33601 warnings.go:67] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "tcp-check-listener" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "tcp-check-listener" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "tcp-check-listener" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "tcp-check-listener" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
W0816 15:20:02.085476   33601 warnings.go:67] would violate PodSecurity "restricted:v1.24": host namespaces (hostNetwork=true), allowPrivilegeEscalation != false (container "tcp-check-connector" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "tcp-check-connector" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "tcp-check-connector" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "tcp-check-connector" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
•SS•SSSSSSSSSSSSSSSSS
Ran 11 of 41 Specs in 227.320 seconds
SUCCESS! -- 11 Passed | 0 Failed | 0 Pending | 30 Skipped


Though output from 
C1 is-
[amagrawa@amagrawa ~]$ oc get cephblockpool ocs-storagecluster-cephblockpool -n openshift-storage -o jsonpath='{.status.mirroringStatus.summary}{"\n"}'
{"daemon_health":"OK","health":"WARNING","image_health":"WARNING","states":{"unknown":109}}


C2 is-
[amagrawa@amagrawa ~]$ oc get cephblockpool ocs-storagecluster-cephblockpool -n openshift-storage -o jsonpath='{.status.mirroringStatus.summary}{"\n"}'
{"daemon_health":"WARNING","health":"WARNING","image_health":"WARNING","states":{"starting_replay":56,"stopped":52,"unknown":1}}



Expected results: Daemon health should be fine. Mirroring Status should not report any Warning.


Additional info:

Comment 4 Scott Ostapovicz 2022-08-16 14:56:38 UTC

Is there a specific problem here other than the warning?  If not, then it seems like clearing up this warning would be a GA issue (4.12) not a tech preview issue (4.11).

Comment 23 Annette Clewett 2022-10-11 14:36:25 UTC

@srangana there is a new command "dr health" that can be used with the Krew "rook-ceph" plugin to test Ceph communication across storageclusters using opposite cluster "ceph status" as well as output the local cephblockpool "rbd -p <poolname> mirror pool status". Details found here how to install Krew "rook ceph" plugin and use "dr - health" https://github.com/rook/kubectl-rook-ceph#commands. 

Also new insight rule MR merged to be used by support to diagnosis connectivity issue. Details found here https://gitlab.cee.redhat.com/ccx/ccx-rules-ocp/-/merge_requests/941. Unfortunately the Insight rule is triggered "When Mirror daemon is in unhealthy status for more than 1m, "OdfMirrorDaemonStatus". Given this BZ https://bugzilla.redhat.com/show_bug.cgi?id=2133505 the "OdfMirrorDaemonStatus" may not fire thereby not triggering the Insight.

Comment 30 Mudit Agarwal 2022-11-08 00:29:10 UTC

Not a TP blocker, Shyam please open a RHCS BZ

Comment 74 Aman Agrawal 2023-12-18 17:58:19 UTC

Moving it back to Assigned based upon above comments.

Note You need to log in before you can comment on or make changes to this bug.