search

cilium / cilium-olm

Other
10 stars 13 forks source link

scan failure: certified-operator-olm-deployment #27

Closed errordeveloper closed 3 years ago

errordeveloper commented 3 years ago

https://gist.github.com/errordeveloper/2ea8fd63aff43dccafe12b9ac189859a

errordeveloper commented 3 years ago

Supposedly the root cause of failure is this:

time="2021-02-03T19:51:22Z" level=warning msg="strict mode disabled" error="error loading manifests from appregistry: error loading operator manifests: [error adding operator bundle cilium.v1.9.3/1.9.3/: UNIQUE constraint failed: operatorbundle.name, operatorbundle.version, operatorbundle.bundlepath, error adding operator bundle vprotect-operator.v0.0.1/0.0.1/: UNIQUE constraint failed: operatorbundle.name, operatorbundle.version, operatorbundle.bundlepath]" port=50051 type=appregistry
errordeveloper commented 3 years ago

https://github.com/operator-framework/operator-registry/issues/286 🤔

errordeveloper commented 3 years ago

The error actually references vprotect-operator as well, perhaps it's just an actual warning.

errordeveloper commented 3 years ago

Perhaps this is the real error:

E0203 19:51:56.244519       1 queueinformer_operator.go:290] sync "test-operator" failed: error updating Subscription status: Operation cannot be fulfilled on subscriptions.operators.coreos.com "cilium-test": the object has been modified; please apply your changes to the latest version and try again

But what does it even mean?

There is also this:

    Phase:                 Installing
    Reason:                InstallWaiting
    Last Transition Time:  2021-02-03T20:01:55Z
    Last Update Time:      2021-02-03T20:01:55Z
    Message:               install timeout
    Phase:                 Failed
    Reason:                InstallCheckFailed
    Last Transition Time:  2021-02-03T20:01:56Z
    Last Update Time:      2021-02-03T20:01:56Z
    Message:               installing: waiting for deployment cilium-olm to become ready: Waiting for rollout to finish: 0 out of 1 new replicas have been updated...

    Phase:                 Pending
    Reason:                NeedsReinstall
    Last Transition Time:  2021-02-03T20:01:56Z
    Last Update Time:      2021-02-03T20:01:56Z
    Message:               all requirements found, attempting install
    Phase:                 InstallReady
    Reason:                AllRequirementsMet
    Last Transition Time:  2021-02-03T20:01:56Z
    Last Update Time:      2021-02-03T20:01:56Z
    Message:               waiting for install components to report healthy
    Phase:                 Installing
    Reason:                InstallSucceeded
    Last Transition Time:  2021-02-03T20:01:56Z
    Last Update Time:      2021-02-03T20:01:57Z
    Message:               installing: waiting for deployment cilium-olm to become ready: Waiting for deployment spec update to be observed...

    Phase:                 Installing
    Reason:                InstallWaiting
    Last Transition Time:  2021-02-03T20:01:57Z
    Last Update Time:      2021-02-03T20:01:57Z
    Message:               install failed: deployment cilium-olm not ready before timeout: deployment "cilium-olm" exceeded its progress deadline
    Phase:                 Failed
    Reason:                InstallCheckFailed
  Last Transition Time:    2021-02-03T20:01:57Z
  Last Update Time:        2021-02-03T20:01:57Z
  Message:                 install failed: deployment cilium-olm not ready before timeout: deployment "cilium-olm" exceeded its progress deadline
  Phase:                   Failed
  Reason:                  InstallCheckFailed
errordeveloper commented 3 years ago

From email conversation with support there was this error:

  Warning  FailedCreate  6m28s (x19 over 18m)  replicaset-controller  Error creating: pods "cilium-olm-7d5c98fd85-" is forbidden: unable to validate against any security context constraint: [provider restricted: .spec.securityContext.hostNetwork: Invalid value: true: Host network is not allowed to be used spec.containers[0].securityContext.hostNetwork: Invalid value: true: Host network is not allowed to be used spec.containers[0].securityContext.containers[0].hostPort: Invalid value: 9443: Host ports are not allowed to be used spec.containers[0].securityContext.containers[1].hostPort: Invalid value: 8889: Host ports are not allowed to be used spec.containers[1].securityContext.hostNetwork: Invalid value: true: Host network is not allowed to be used spec.containers[1].securityContext.containers[0].hostPort: Invalid value: 9443: Host ports are not allowed to be used spec.containers[1].securityContext.containers[1].hostPort: Invalid value: 8889: Host ports are not allowed to be used]

This error doesn't appear to be included in the logs linked from the issue description. The nature of this is due to SCC.