Comments (12)
@sybadm may I ask you to verify the fix once https://prow.k8s.io/view/gs/kubernetes-jenkins/logs/post-security-profiles-operator-push-image/1729505403827392512 is successfull and we have an updated
latest
image tag?
you made my day!
$ kubectl -nsecurity-profiles-operator get spod spod
NAME STATE
spod RUNNING
from security-profiles-operator.
Hey @sybadm, thank you for the request. Can you share the logs of the components of the SPO?
from security-profiles-operator.
@saschagrunert thanks for your response
$ kubectl -nsecurity-profiles-operator describe spod spod
Name: spod
Namespace: security-profiles-operator
Labels: app=security-profiles-operator
Annotations: <none>
API Version: security-profiles-operator.x-k8s.io/v1alpha1
Kind: SecurityProfilesOperatorDaemon
Metadata:
Creation Timestamp: 2023-11-27T10:06:54Z
Generation: 1
Managed Fields:
API Version: security-profiles-operator.x-k8s.io/v1alpha1
Fields Type: FieldsV1
fieldsV1:
f:metadata:
f:labels:
.:
f:app:
f:spec:
.:
f:disableOciArtifactSignatureVerification:
f:hostProcVolumePath:
f:priorityClassName:
f:selinuxOptions:
.:
f:allowedSystemProfiles:
f:selinuxTypeTag:
f:staticWebhookConfig:
f:tolerations:
Manager: security-profiles-operator
Operation: Update
Time: 2023-11-27T10:06:54Z
API Version: security-profiles-operator.x-k8s.io/v1alpha1
Fields Type: FieldsV1
fieldsV1:
f:status:
.:
f:conditions:
f:state:
Manager: security-profiles-operator
Operation: Update
Subresource: status
Time: 2023-11-27T10:06:56Z
Resource Version: 34367601
UID: e6b68286-1acc-4bbf-8128-2139a1d55820
Spec:
Disable Oci Artifact Signature Verification: false
Host Proc Volume Path: /proc
Priority Class Name: system-node-critical
Selinux Options:
Allowed System Profiles:
container
Selinux Type Tag: spc_t
Static Webhook Config: false
Tolerations:
Effect: NoSchedule
Key: node-role.kubernetes.io/master
Operator: Exists
Effect: NoSchedule
Key: node-role.kubernetes.io/control-plane
Operator: Exists
Effect: NoExecute
Key: node.kubernetes.io/not-ready
Operator: Exists
Status:
Conditions:
Last Transition Time: 2023-11-27T10:06:56Z
Message:
Reason: Updating
Status: False
Type: Ready
State: UPDATING
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning CannotUpdateSPOD 4m40s spod-config updating operator DaemonSet: Operation cannot be fulfilled on daemonsets.apps "spod": the object has been modified; please apply your changes to the latest version and try again
$ kubectl logs --selector name=spod -n security-profiles-operator
Defaulted container "security-profiles-operator" out of: security-profiles-operator, metrics, non-root-enabler (init)
Defaulted container "security-profiles-operator" out of: security-profiles-operator, metrics, non-root-enabler (init)
Defaulted container "security-profiles-operator" out of: security-profiles-operator, metrics, non-root-enabler (init)
Defaulted container "security-profiles-operator" out of: security-profiles-operator, metrics, non-root-enabler (init)
I1127 10:07:01.469539 1 main.go:368] "watching all namespaces" logger="setup"
I1127 10:07:01.470743 1 main.go:497] "starting daemon" logger="setup"
I1127 10:07:01.470862 1 server.go:185] "Starting metrics server" logger="controller-runtime.metrics"
I1127 10:07:01.471000 1 server.go:224] "Serving metrics server" logger="controller-runtime.metrics" bindAddress=":8080" secure=false
I1127 10:07:01.471103 1 grpc.go:60] "Starting GRPC server API" logger="metrics"
I1127 10:07:01.471225 1 server.go:50] "starting server" kind="health probe" addr="[::]:8085"
I1127 10:07:01.471548 1 controller.go:178] "Starting EventSource" controller="profile" controllerGroup="security-profiles-operator.x-k8s.io" controllerKind="SeccompProfile" source="kind source: *v1beta1.SeccompProfile"
I1127 10:07:01.471602 1 controller.go:178] "Starting EventSource" controller="profile" controllerGroup="security-profiles-operator.x-k8s.io" controllerKind="SeccompProfile" source="kind source: *v1alpha1.SecurityProfilesOperatorDaemon"
I1127 10:07:01.471626 1 controller.go:186] "Starting Controller" controller="profile" controllerGroup="security-profiles-operator.x-k8s.io" controllerKind="SeccompProfile"
I1127 10:07:01.616551 1 controller.go:220] "Starting workers" controller="profile" controllerGroup="security-profiles-operator.x-k8s.io" controllerKind="SeccompProfile" worker count=1
I1127 10:07:00.961862 1 main.go:368] "watching all namespaces" logger="setup"
I1127 10:07:00.962685 1 main.go:497] "starting daemon" logger="setup"
I1127 10:07:00.962774 1 server.go:185] "Starting metrics server" logger="controller-runtime.metrics"
I1127 10:07:00.962866 1 server.go:224] "Serving metrics server" logger="controller-runtime.metrics" bindAddress=":8080" secure=false
I1127 10:07:00.963014 1 grpc.go:60] "Starting GRPC server API" logger="metrics"
I1127 10:07:00.963120 1 server.go:50] "starting server" kind="health probe" addr="[::]:8085"
I1127 10:07:00.963426 1 controller.go:178] "Starting EventSource" controller="profile" controllerGroup="security-profiles-operator.x-k8s.io" controllerKind="SeccompProfile" source="kind source: *v1beta1.SeccompProfile"
I1127 10:07:00.963460 1 controller.go:178] "Starting EventSource" controller="profile" controllerGroup="security-profiles-operator.x-k8s.io" controllerKind="SeccompProfile" source="kind source: *v1alpha1.SecurityProfilesOperatorDaemon"
I1127 10:07:00.963507 1 controller.go:186] "Starting Controller" controller="profile" controllerGroup="security-profiles-operator.x-k8s.io" controllerKind="SeccompProfile"
I1127 10:07:01.212924 1 controller.go:220] "Starting workers" controller="profile" controllerGroup="security-profiles-operator.x-k8s.io" controllerKind="SeccompProfile" worker count=1
I1127 10:09:49.944229 1 main.go:368] "watching all namespaces" logger="setup"
I1127 10:09:49.944229 1 grpc.go:60] "Starting GRPC server API" logger="metrics"
I1127 10:09:49.944709 1 main.go:497] "starting daemon" logger="setup"
I1127 10:09:49.944772 1 server.go:185] "Starting metrics server" logger="controller-runtime.metrics"
I1127 10:09:49.944787 1 server.go:50] "starting server" kind="health probe" addr="[::]:8085"
I1127 10:09:49.944823 1 server.go:224] "Serving metrics server" logger="controller-runtime.metrics" bindAddress=":8080" secure=false
I1127 10:09:49.944994 1 controller.go:178] "Starting EventSource" controller="profile" controllerGroup="security-profiles-operator.x-k8s.io" controllerKind="SeccompProfile" source="kind source: *v1beta1.SeccompProfile"
I1127 10:09:49.945063 1 controller.go:178] "Starting EventSource" controller="profile" controllerGroup="security-profiles-operator.x-k8s.io" controllerKind="SeccompProfile" source="kind source: *v1alpha1.SecurityProfilesOperatorDaemon"
I1127 10:09:49.945082 1 controller.go:186] "Starting Controller" controller="profile" controllerGroup="security-profiles-operator.x-k8s.io" controllerKind="SeccompProfile"
I1127 10:09:50.082741 1 controller.go:220] "Starting workers" controller="profile" controllerGroup="security-profiles-operator.x-k8s.io" controllerKind="SeccompProfile" worker count=1
I1127 10:06:59.662844 1 main.go:368] "watching all namespaces" logger="setup"
I1127 10:06:59.663220 1 grpc.go:60] "Starting GRPC server API" logger="metrics"
I1127 10:06:59.663491 1 main.go:497] "starting daemon" logger="setup"
I1127 10:06:59.663625 1 server.go:185] "Starting metrics server" logger="controller-runtime.metrics"
I1127 10:06:59.663721 1 server.go:224] "Serving metrics server" logger="controller-runtime.metrics" bindAddress=":8080" secure=false
I1127 10:06:59.663807 1 server.go:50] "starting server" kind="health probe" addr="[::]:8085"
I1127 10:06:59.663978 1 controller.go:178] "Starting EventSource" controller="profile" controllerGroup="security-profiles-operator.x-k8s.io" controllerKind="SeccompProfile" source="kind source: *v1beta1.SeccompProfile"
I1127 10:06:59.664007 1 controller.go:178] "Starting EventSource" controller="profile" controllerGroup="security-profiles-operator.x-k8s.io" controllerKind="SeccompProfile" source="kind source: *v1alpha1.SecurityProfilesOperatorDaemon"
I1127 10:06:59.664023 1 controller.go:186] "Starting Controller" controller="profile" controllerGroup="security-profiles-operator.x-k8s.io" controllerKind="SeccompProfile"
I1127 10:06:59.830066 1 controller.go:220] "Starting workers" controller="profile" controllerGroup="security-profiles-operator.x-k8s.io" controllerKind="SeccompProfile" worker count=1
from security-profiles-operator.
I'm just going round and round. Before we look at it. Is 'security-profiles-operator' supported on AKS clusters without having OLM installed? I just learnt that OLM is not supported on AKS. If 'security-profiles-operator' does not support natively then its dead end.
from security-profiles-operator.
@sybadm it should work, can you update the configuration and see if it gets into the right state?
from security-profiles-operator.
@sybadm it should work, can you update the configuration and see if it gets into the right state?
Which configuration I need to update
from security-profiles-operator.
@sybadm the spod, for example by setting the log level:
kubectl -n security-profiles-operator patch spod spod --type=merge -p '{"spec":{"verbosity":1}}'
from security-profiles-operator.
@sybadm you don't have to install the OLM at all, but I think I can reproduce the issue on AKS.
from security-profiles-operator.
@sybadm you don't have to install the OLM at all, but I think I can reproduce the issue on AKS.
Thanks you so much @saschagrunert for taking a look at it. Really appreciate your time.
As you suggested I tried , but no luck
kubectl -n security-profiles-operator patch spod spod --type=merge -p '{"spec":{"verbosity":1}}'
from security-profiles-operator.
I have a fix in #1985
from security-profiles-operator.
I have a fix in #1985
Excellent
from security-profiles-operator.
@sybadm may I ask you to verify the fix once https://prow.k8s.io/view/gs/kubernetes-jenkins/logs/post-security-profiles-operator-push-image/1729505403827392512 is successfull and we have an updated latest
image tag?
from security-profiles-operator.
Related Issues (20)
- Release v0.8.1
- getting owner profile: the node status owner is of an unknown kind HOT 3
- Manage SELinux booleans HOT 10
- tolerations not honoured HOT 4
- AKS eBPF recording HOT 15
- Can not re-install SPO HOT 1
- ignore istio init container while eBPF profiling HOT 8
- AppArmor does not work HOT 15
- Release v0.8.2 HOT 1
- [Question] Disable webhook deployment HOT 4
- Seeing Policy Violations HOT 7
- Security Profiles Operator should support dynamic infrastructures HOT 4
- Release v0.8.3 HOT 1
- deletion of a `SelinuxProfile` object hangs forever HOT 6
- Proposal: Allow `spoc` to simultaneously record different profile types. HOT 2
- Release v0.8.4 HOT 10
- OLM tests are flaking HOT 3
- Question: Distributing policies with images? HOT 4
- AppArmor Profile not activated.
- Update kubectl command in security-profiles-operator documentation HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from security-profiles-operator.