confidential-containers / operator

Operator to deploy confidential containers runtime
Apache License 2.0

Operator does not run #361

Closed pegahnikbakht closed 5 months ago

pegahnikbakht commented 5 months ago

Describe the bug

I tried to install the operator using the instructions at https://github.com/confidential-containers/operator/blob/main/docs/INSTALL.md but it gets stuck in the Pending phase. I tried to get the logs, and this is the only thing I can see in them:

Defaulted container "kube-rbac-proxy" out of: kube-rbac-proxy, manager

How can I solve this?

To Reproduce

Instructions at https://github.com/confidential-containers/operator/blob/main/docs/INSTALL.md

fitzthum commented 5 months ago

Make sure your nodes are labelled appropriately. Should have something like node-role.kubernetes.io/worker= depending on k8s version.

pegahnikbakht commented 5 months ago

Yes, I labeled them correctly. How can I see more logs on creation?

ldoktor commented 5 months ago

@pegahnikbakht could you please share more details about your setup and the actual steps that worked (e.g. release version)? I gave it a try and the following worked well using 1 ctlplane and 1 worker node provided by kcli:

$ oc get nodes
NAME                  STATUS   ROLES           AGE   VERSION
kata-k8s-ctlplane-0   Ready    control-plane   59m   v1.29.3
kata-k8s-worker-0     Ready    worker          57m   v1.29.3
export RELEASE_VERSION="v0.8.0"
oc label node kata-k8s-worker-0 node.kubernetes.io/worker=
kubectl apply -k "github.com/confidential-containers/operator/config/release?ref=${RELEASE_VERSION}"
kubectl get pods -n confidential-containers-system --watch

wait until all are running

kubectl apply -k "github.com/confidential-containers/operator/config/samples/ccruntime/default?ref=${RELEASE_VERSION}"
kubectl get pods -n confidential-containers-system --watch

wait until all are running, then you should be set:

kubectl get all -n confidential-containers-system 
NAME                                                 READY   STATUS    RESTARTS   AGE
pod/cc-operator-controller-manager-858dd6c84-l4h4m   2/2     Running   0          17m
pod/cc-operator-daemon-install-mggw4                 1/1     Running   0          8m51s
pod/cc-operator-pre-install-daemon-kglq7             1/1     Running   0          9m20s

NAME                                                     TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
service/cc-operator-controller-manager-metrics-service   ClusterIP   10.111.227.49   <none>        8443/TCP   17m

NAME                                            DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR                            AGE
daemonset.apps/cc-operator-daemon-install       1         1         1       1            1           node.kubernetes.io/worker=               8m51s
daemonset.apps/cc-operator-daemon-uninstall     0         0         0       0            0           katacontainers.io/kata-runtime=cleanup   9m20s
daemonset.apps/cc-operator-pre-install-daemon   1         1         1       1            1           node.kubernetes.io/worker=               9m20s

NAME                                             READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/cc-operator-controller-manager   1/1     1            1           17m

NAME                                                       DESIRED   CURRENT   READY   AGE
replicaset.apps/cc-operator-controller-manager-858dd6c84   1         1         1       17m

and

kubectl get all -n kube-system 
NAME                                              READY   STATUS    RESTARTS   AGE
pod/coredns-76f75df574-22wz7                      1/1     Running   0          56m
pod/coredns-76f75df574-z7kdp                      1/1     Running   0          56m
pod/etcd-kata-k8s-ctlplane-0                      1/1     Running   0          56m
pod/kube-apiserver-kata-k8s-ctlplane-0            1/1     Running   0          56m
pod/kube-controller-manager-kata-k8s-ctlplane-0   1/1     Running   0          56m
pod/kube-multus-ds-xrw6v                          1/1     Running   0          54m
pod/kube-multus-ds-z7sh8                          1/1     Running   0          56m
pod/kube-proxy-5qggc                              1/1     Running   0          56m
pod/kube-proxy-xtrfw                              1/1     Running   0          54m
pod/kube-scheduler-kata-k8s-ctlplane-0            1/1     Running   0          56m

NAME               TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                  AGE
service/kube-dns   ClusterIP   10.96.0.10   <none>        53/UDP,53/TCP,9153/TCP   56m

NAME                            DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR            AGE
daemonset.apps/kube-multus-ds   2         2         2       2            2           <none>                   56m
daemonset.apps/kube-proxy       2         2         2       2            2           kubernetes.io/os=linux   56m

NAME                      READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/coredns   2/2     2            2           56m

NAME                                 DESIRED   CURRENT   READY   AGE
replicaset.apps/coredns-76f75df574   2         2         2       56m

pegahnikbakht commented 5 months ago

This solved my problem:

kubectl taint nodes --all node-role.kubernetes.io/control-plane-

I think this should be added to the instructions; it took me two days to figure it out.

ldoktor commented 5 months ago

Well I wouldn't suggest doing that for all nodes as the control plane nodes should not generally run arbitrary pods. Are you using a single-node cluster?

pegahnikbakht commented 5 months ago

Yeah, I'm using a single node cluster.

ldoktor commented 5 months ago

I see. Anyway, I'm glad you found a workaround that works well for you, but I don't think it should be in the documentation, as the usual setup consists of multiple nodes. @pegahnikbakht what do you think?

pegahnikbakht commented 5 months ago

Maybe right, but it is good to note it somewhere.
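
The scheduling situation discussed in this thread, as an added example that is not part of the original issue or the operator's code: a small check over `kubectl get nodes -o json` output that reports which labelled nodes are blocked by taints and which nodes `kubectl taint nodes --all ...-` would open to ordinary pods. The function names and the sample node data are constructed for illustration; the label key is the one shown in the daemonset node selector above.

```python
import json

BLOCKING = {"NoSchedule", "NoExecute"}  # effects that keep untolerating pods off a node

# Constructed sample: trimmed `kubectl get nodes -o json` from a single-node cluster.
SAMPLE_NODES = json.loads("""
{"items": [{
  "metadata": {"name": "node-0", "labels": {
      "node-role.kubernetes.io/control-plane": "",
      "node.kubernetes.io/worker": ""}},
  "spec": {"taints": [
      {"key": "node-role.kubernetes.io/control-plane", "effect": "NoSchedule"}]}
}]}
""")

def blocking_taints(node):
    """Keys of taints that reject pods lacking a matching toleration."""
    taints = node.get("spec", {}).get("taints") or []
    return [t["key"] for t in taints if t.get("effect") in BLOCKING]

def diagnose(nodes, label="node.kubernetes.io/worker"):
    """List reasons why pods selecting `label=` (empty value) would stay Pending."""
    findings = []
    items = nodes.get("items", [])
    labelled = [n for n in items
                if n["metadata"].get("labels", {}).get(label) == ""]
    if not labelled:
        findings.append(f"no node carries label {label}=")
    for n in labelled:
        for key in blocking_taints(n):
            findings.append(f"{n['metadata']['name']}: labelled but tainted {key}")
    if items and all(blocking_taints(n) for n in items):
        findings.append("every node is tainted: pods without tolerations cannot schedule")
    return findings

def taint_removal_scope(nodes, key="node-role.kubernetes.io/control-plane"):
    """Nodes that removing taint `key` with --all would open to ordinary pods."""
    return [n["metadata"]["name"] for n in nodes.get("items", [])
            if key in blocking_taints(n)]

if __name__ == "__main__":
    for line in diagnose(SAMPLE_NODES):
        print(line)
    print("taint removal would affect:", taint_removal_scope(SAMPLE_NODES))
```

On a multi-node cluster the second function shows which control-plane nodes would start accepting workloads, so the taint can be removed from a named node instead of `--all`.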