How do I troubleshoot confidential containers?
Review these possible issues.
The issues could be caused by a misconfiguration during setup.
To start troubleshooting issues, run the following commands to gather as much data about your confidential containers as you can.
-
Gather information about the operator.
oc get csv -n openshift-sandboxed-containers-operatoroc describe csv -n openshift-sandboxed-containers-operatoroc get all -n openshift-sandboxed-containers-operator -
Retrieve logs and events from all pods related to the DaemonSets.
oc describe pod/osc-caa-ds-<random string> -n openshift-sandboxed-containers-operatoroc logs pod/osc-caa-ds-<random string> -n openshift-sandboxed-containers-operatoroc describe pod/osc-config-sync-install-<random string> -n openshift-sandboxed-containers-operatoroc logs pod/osc-config-sync-install-<random string> -n openshift-sandboxed-containers-operatoroc describe pod/osc-rpm-install-<random string> -n openshift-sandboxed-containers-operatoroc logs pod/osc-rpm-install-<random string> -n openshift-sandboxed-containers-operator -
Gather information about the pods.
a. Gather information about the controller manager.
oc describe pod/controller-manager-<random string> -n openshift-sandboxed-containers-operatoroc logs pod/controller-manager-<random string> -n openshift-sandboxed-containers-operatorb. Gather logs for a a random string.
oc logs pod/<random string>oc describe pod/<random string>c. Gather information about the
openshift-sandboxed-containers-operator-bundle.oc logs pod/trikprot-openshift-sandboxed-containers-operator-bundle-<version>oc describe pod/trikprot-openshift-sandboxed-containers-operator-bundle-<version> -
Gather information about the ConfigMaps.
a. Gather information about the feature gates.
oc get configmap/osc-feature-gates -n openshift-sandboxed-containers-operator -o yamlb. Gather information about the peer pods.
oc get configmap/peer-pods-cm -n openshift-sandboxed-containers-operator -o yamlc. Gather information about the secrets.
oc get secret/auth-json-secret -n openshift-sandboxed-containers-operatoroc get secret/peer-pods-secret -n openshift-sandboxed-containers-operatord. Gather information about the KataConfig.
oc get kataconfigs.kataconfiguration.openshift.io/kata-runtime-settings -n openshift-sandboxed-containers-operator -o yamle. Gather information about the Custom Resource Definitions.
oc get crd/peerpods.confidentialcontainers.orgoc get crd/kataconfigs.kataconfiguration.openshift.io