SecuredCluster Local Scanner Pods not Ready after updating the RHACS operator to 4.7

Solution Verified - Updated -

Issue

  • After updating the RHACS Operator to the release 4.7.0, the local Scanner pods from the Secured Cluster are not able to start.
$ oc get pods -l app=scanner -n <SecuredCluster namespace>
NAME                      READY   STATUS     RESTARTS   AGE
scanner-xxxxxxxxx-yyyyy   0/1     Init:0/1   1          15m
scanner-xxxxxxxxx-zzzzz   0/1     Init:0/1   1          15m
scanner-xxxxxxxxx-wwwww   0/1     Init:0/1   1          15m
  • The issue is narrowed down to the Scanner pod init-tls-certs Init Container not being able to start.
$ oc get events -n <SecuredCluster namespace> | grep BackOff
13m         Warning   BackOff                   pod/scanner-7b959496f-62ftk              Back-off restarting failed container init-tls-certs in pod scanner-7b959496f-62ftk_stackrox(00791ff2-e16c-4086-a98a-e0dc04220c9d)
10m         Warning   BackOff                   pod/scanner-7b959496f-7fpb7              Back-off restarting failed container init-tls-certs in pod scanner-7b959496f-7fpb7_stackrox(564748be-dd53-41a2-a7e2-acf7a2f312ad)
14m         Warning   BackOff                   pod/scanner-7b959496f-s7bw8              Back-off restarting failed container init-tls-certs in pod scanner-7b959496f-s7bw8_stackrox(5ab01326-34ee-426b-a878-9533672675af)
[supportshell-1.sush-001.prod.us-west-2.aws.redhat.com] [00:54:28+0000]

Environment

  • Red Hat OpenShift Container Platform (RHOCP) 4
  • Red Hat Advanced Cluster Security for Kubernetes (RHACS)
    • Central is v4.5.z or older
    • Secured Cluster Service is 4.7.0

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content