Bug 2155740 - [4.11] Importer pod is failing to start with error "MountVolume.SetUp failed for volume "cdi-proxy-cert-vol" : configmap "custom-ca" not found"
Summary: [4.11] Importer pod is failing to start with error "MountVolume.SetUp failed ...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Container Native Virtualization (CNV)
Classification: Red Hat
Component: Storage
Version: 4.10.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: 4.11.3
Assignee: Arnon Gilboa
QA Contact: Yan Du
URL:
Whiteboard:
Depends On: 2116644
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-12-22 07:04 UTC by Arnon Gilboa
Modified: 2023-02-07 15:16 UTC (History)
1 user (show)

Fixed In Version: v4.11.3-7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-02-07 15:16:28 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github kubevirt containerized-data-importer pull 2509 0 None Merged [release-v1.49] Fix import proxy ConfigMap update 2023-01-17 07:44:56 UTC
Red Hat Issue Tracker CNV-23536 0 None None None 2022-12-22 07:09:41 UTC
Red Hat Product Errata RHEA-2023:0621 0 None None None 2023-02-07 15:16:38 UTC

Description Arnon Gilboa 2022-12-22 07:04:53 UTC 
This bug was initially created as a copy of Bug #2116644

I am copying this bug because: 



Description of problem:

The cluster is having cluster proxy configured as below:

~~~
apiVersion: v1
items:
- apiVersion: config.openshift.io/v1
  kind: Proxy
....
....
  spec:
    trustedCA:
      name: custom-ca <<<
~~~

However, the custom-ca was only created in openshit-config namespace by following https://docs.openshift.com/container-platform/4.10/networking/enable-cluster-wide-proxy.html.

However, while importing the disk, the importer pod is in ContainerCreating status and we have the below events:

~~~
12m         Warning   FailedMount                   pod/importer-rhel7-sophisticated-parrotfish            MountVolume.SetUp failed for volume "cdi-proxy-cert-vol" : configmap "custom-ca" not found
~~~

This is because the custom-ca is not available in the namespace where we are importing the disk. The user has to manually copy the ConfigMap custom-ca to the namespace for the import to work. 

Version-Release number of selected component (if applicable):

OpenShift Virtualization   4.10.3

How reproducible:

100 %

Steps to Reproduce:

1. Add spec.trustedCA in the cluster-wide proxy configuration.
2. Create the ConfigMap that contains CA certificates in openshift-config namespace.
3. Try to import a image in namespace other than openshift-config. The importer pod will be stuck in `ContainerCreating` status.

Actual results:

Importer pod is failing to start with error "MountVolume.SetUp failed for volume "cdi-proxy-cert-vol" : configmap "custom-ca" not found"

Expected results:

Since the error is creating confusion, it would be ideal if the ConfigMap is automatically copied to the namespace where the user is trying to import the VM/disk. If not, I think we should mention this is the documentation to copy the ConfigMap manually.

Additional info:
Comment 1 Yan Du 2023-01-18 09:42:35 UTC 
Test on CNV-v4.11.3-8, import succeed when proxy is set

$ oc get dv fedora36 
NAME       PHASE       PROGRESS   RESTARTS   AGE
fedora36   Succeeded   100.0%                2m3s
$ oc get pvc fedora36 
NAME       STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS         AGE
fedora36   Bound    pvc-bcb25925-77da-4e8f-b6df-3618cf22438f   149Gi      RWO            hostpath-csi-basic   112s
Comment 7 errata-xmlrpc 2023-02-07 15:16:28 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Virtualization 4.11.3 Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2023:0621
Note You need to log in before you can comment on or make changes to this bug.