
opa-scorecard metrics reporting issue with OpenShift4.14

Open a-thorat opened this issue 1 year ago • 0 comments

@mcelep @Knappek @Gaardsholt @laimison Hello Team

I tried to implement this in OpenShift Container Platform. I was able to set it up, and the deployment/pod is up and running. But while trying to access the metrics endpoint via curl, I am facing a 500 error.

```
sh-4.4$ curl -kvs http://192.168.11.95:9141/metrics
*   Trying 192.168.11.95...
* TCP_NODELAY set
* Connected to 192.168.11.95 (192.168.11.95) port 9141 (#0)
> GET /metrics HTTP/1.1
> Host: 192.168.11.95:9141
> User-Agent: curl/7.61.1
> Accept: */*
< HTTP/1.1 500 Internal Server Error
< Content-Type: text/plain; charset=utf-8
< X-Content-Type-Options: nosniff
< Date: Mon, 11 Dec 2023 17:49:20 GMT
< Transfer-Encoding: chunked
<
An error has occurred while serving metrics:

18 error(s) occurred:
* collected metric "opa_scorecard_constraint_violations" { label:<name:"kind" value:"K8sAssetUUID" > label:<name:"name" value:"assetuuid" > label:<name:"violating_kind" value:"Pod" > label:<name:"violating_name" value:"service-65d669b69f-g6k2v" > label:<name:"violating_namespace" value:"openshift-update-service" > label:<name:"violation_enforcement" value:"warn" > label:<name:"violation_msg" value:"Pod has a missing assetuuid. pod: service-65d669b69f-g6k2v" > gauge:<value:1 > } was collected before with the same name and label values
* collected metric "opa_scorecard_constraint_violations" { label:<name:"kind" value:"K8sAssetUUID" > label:<name:"name" value:"assetuuid" > label:<name:"violating_kind" value:"Pod" > label:<name:"violating_name" value:"service-65d669b69f-g6k2v" > label:<name:"violating_namespace" value:"openshift-update-service" > label:<name:"violation_enforcement" value:"warn" > label:<name:"violation_msg" value:"Pod has a missing assetuuid. pod: service-65d669b69f-g6k2v" > gauge:<value:1 > } was collected before with the same name and label values
. . . .
* Connection #0 to host 192.168.11.95 left intact
sh-4.4$
```

Could you please advise me what is wrong with the configuration here?

The OpenShift target is also showing the same 500 error code, and Prometheus is not fetching any metrics.

I have added liveness and readiness probes as well, and the pod is coming up fine. I am not seeing any error or warning in the opa-exporter pod log.

opa-pod log

```
2023/12/11 17:55:46 Kind:K8sPSPHostNetworkingPorts, Name:host-network-ports, Namespace:
2023/12/11 17:55:46 Kind:K8sPSPAllowedUsers, Name:allowed-user-ranges, Namespace:
2023/12/11 17:55:46 Kind:K8sPodDisruptionBudget, Name:pod-distruption-budget, Namespace:
2023/12/11 17:55:46 Kind:K8sPSPForbiddenSysctls, Name:sysctls-forbidden, Namespace:
2023/12/11 17:55:46 Kind:K8sPSPReadOnlyRootFilesystem, Name:read-only-root-filesystem, Namespace:
2023/12/11 17:55:46 Kind:K8sPSPSeccomp, Name:psp-seccomp, Namespace:
2023/12/11 17:55:46 Kind:K8sAllowDefaultNamespaceWorkloads, Name:allow-default-namespace-workloads, Namespace:
2023/12/11 17:55:46 Kind:K8sContainerLimits, Name:container-must-have-limits, Namespace:
2023/12/11 17:55:46 Kind:K8sPSPCapabilities, Name:capabilities, Namespace:
2023/12/11 17:55:46 Kind:K8sPSPVolumeTypes, Name:volume-types, Namespace:
2023/12/11 17:55:46 Kind:K8sPSPHostNamespace, Name:host-namespaces, Namespace:
2023/12/11 17:55:46 Kind:K8sContainerRequests, Name:container-must-have-requests, Namespace:
2023/12/11 17:55:46 Kind:K8sAllowedRepos, Name:trusted-repos, Namespace:
2023/12/11 17:55:46 Kind:K8sAssetUUID, Name:assetuuid, Namespace:
2023/12/11 17:55:46 Kind:K8sPSPAutomountServiceAccountTokenPod, Name:psp-automount-serviceaccount-token-pod, Namespace:
2023/12/11 17:55:46 Kind:K8sPSPAllowPrivilegeEscalationContainer, Name:allow-privilege-escalation-container, Namespace:
2023/12/11 17:55:46 Kind:K8sPSPHostFilesystem, Name:host-filesystem, Namespace:
2023/12/11 17:55:46 Kind:K8sPSPPrivilegedContainer, Name:privileged-containers, Namespace:
2023/12/11 17:55:55 Tick at 2023-12-11 17:55:55.264835838 +0000 UTC m=+4340.009384248
```

a-thorat, Dec 11 '23 17:12
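
The `was collected before with the same name and label values` message quoted in the issue is what the Prometheus Go client's registry reports when one scrape yields two samples with an identical metric name and label set, and the default metrics handler answers such a scrape with HTTP 500. The following is an added example, not part of the issue and not opa-scorecard's own code, of collapsing identical violation records before they are exported; the `Violation` type, `Dedupe` and `sample` are hypothetical names, and the third sample record is constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// Violation is a hypothetical record carrying the label values seen on the
// opa_scorecard_constraint_violations samples in the error output above.
type Violation struct {
	Kind, Name, ViolatingKind, ViolatingName, ViolatingNamespace, Enforcement, Msg string
}

// key joins all label values with a NUL separator (assumed absent from label
// values), so two records share a key only when every label matches.
func (v Violation) key() string {
	return strings.Join([]string{v.Kind, v.Name, v.ViolatingKind, v.ViolatingName,
		v.ViolatingNamespace, v.Enforcement, v.Msg}, "\x00")
}

// Dedupe keeps the first record per label set, preserving input order, and
// returns how many repeats were dropped so the caller can log them.
func Dedupe(in []Violation) (out []Violation, dropped int) {
	seen := make(map[string]struct{}, len(in))
	for _, v := range in {
		k := v.key()
		if _, dup := seen[k]; dup {
			dropped++
			continue
		}
		seen[k] = struct{}{}
		out = append(out, v)
	}
	return out, dropped
}

// sample builds test input: the duplicated record from the issue, twice,
// plus one constructed record for a different pod.
func sample() []Violation {
	dup := Violation{"K8sAssetUUID", "assetuuid", "Pod", "service-65d669b69f-g6k2v",
		"openshift-update-service", "warn",
		"Pod has a missing assetuuid. pod: service-65d669b69f-g6k2v"}
	other := Violation{"K8sAssetUUID", "assetuuid", "Pod", "example-pod",
		"example-ns", "warn", "Pod has a missing assetuuid. pod: example-pod"}
	return []Violation{dup, dup, other}
}

func main() {
	out, dropped := Dedupe(sample())
	fmt.Printf("unique label sets: %d, duplicates dropped: %d\n", len(out), dropped)
}
```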