deletion of a SelinuxProfile object hangs forever #2684

Open
Billy99 opened this issue Jan 21, 2025 · 2 comments
Labels
kind/bug Categorizes issue or PR as related to a bug.

Billy99 commented Jan 21, 2025

With the security-profiles-operator.v0.8.6

Same issue as #2215, but I was unable to reopen it. I am a coworker of Andrew (who left the company) and the original issue is still happening. The nodes are not coming and going. The logs below are current logs, but very similar to those in #2215.

What happened:

I attempt to delete a SelinuxProfile but am unable to because the finalizers are never removed by the node agents.

First deployed the security-profiles-operator on OpenShift with 3 master and 3 worker nodes via OperatorHub and the OCP Console:

security-profiles-operator

$ kubectl get pods -n openshift-security-profiles
NAME                                                 READY   STATUS    RESTARTS   AGE
security-profiles-operator-7c4f8fcc46-7ddnx          1/1     Running   0          71s
security-profiles-operator-7c4f8fcc46-frjrg          1/1     Running   0          71s
security-profiles-operator-7c4f8fcc46-tw77h          1/1     Running   0          71s
security-profiles-operator-webhook-6d4cd4d59-bmjrl   1/1     Running   0          65s
security-profiles-operator-webhook-6d4cd4d59-jvtl2   1/1     Running   0          65s
security-profiles-operator-webhook-6d4cd4d59-zrtrr   1/1     Running   0          65s
spod-h6ngk                                           3/3     Running   0          64s
spod-hhlmf                                           3/3     Running   0          64s
spod-m9d9l                                           3/3     Running   0          64s
spod-sv8pj                                           3/3     Running   0          64s
spod-wxff7                                           3/3     Running   0          65s
spod-zz28h                                           3/3     Running   0          64s

Then create an application Namespace and a SelinuxProfile in that namespace:

SelinuxProfile After Create

$ kubectl get selinuxprofiles -A
NAMESPACE        NAME            USAGE                                  STATE
go-xdp-counter   bpfman-secure   bpfman-secure_go-xdp-counter.process   InProgress

$ kubectl get selinuxprofiles -n go-xdp-counter  bpfman-secure -o yaml
apiVersion: security-profiles-operator.x-k8s.io/v1alpha2
kind: SelinuxProfile
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"security-profiles-operator.x-k8s.io/v1alpha2","kind":"SelinuxProfile","metadata":{"annotations":{},"name":"bpfman-secure","namespace":"go-xdp-counter"},"spec":{"allow":{"@self":{"bpf":["map_read","map_write"]},"spc_t":{"bpf":["map_read","map_write"]}},"inherit":[{"kind":"System","name":"container"}]}}
  creationTimestamp: "2025-01-21T15:08:04Z"
  finalizers:
  - ci-ln-jdyin4t-72292-tqgkv-master-2-deleted
  - ci-ln-jdyin4t-72292-tqgkv-worker-b-p5kjg-deleted
  - ci-ln-jdyin4t-72292-tqgkv-master-0-deleted
  - ci-ln-jdyin4t-72292-tqgkv-worker-a-4xq5t-deleted
  - ci-ln-jdyin4t-72292-tqgkv-master-1-deleted
  - ci-ln-jdyin4t-72292-tqgkv-worker-c-kbfzc-deleted
  generation: 1
  labels:
    spo.x-k8s.io/profile-id: SelinuxProfile-bpfman-secure
  name: bpfman-secure
  namespace: go-xdp-counter
  resourceVersion: "63892"
  uid: ad0b3724-f565-43e4-8fb8-8c496550cef2
spec:
  allow:
    '@self':
      bpf:
      - map_read
      - map_write
    spc_t:
      bpf:
      - map_read
      - map_write
  disabled: false
  inherit:
  - kind: System
    name: container
  permissive: false
status:
  conditions:
  - lastTransitionTime: "2025-01-21T15:08:45Z"
    reason: Available
    status: "True"
    type: Ready
  status: Installed
  usage: bpfman-secure_go-xdp-counter.process

Then create a pod in the application namespace to use the SelinuxProfile.

SelinuxProfile After Application Pod Created

$ kubectl get selinuxprofiles -n go-xdp-counter  bpfman-secure -o yaml
apiVersion: security-profiles-operator.x-k8s.io/v1alpha2
kind: SelinuxProfile
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"security-profiles-operator.x-k8s.io/v1alpha2","kind":"SelinuxProfile","metadata":{"annotations":{},"name":"bpfman-secure","namespace":"go-xdp-counter"},"spec":{"allow":{"@self":{"bpf":["map_read","map_write"]},"spc_t":{"bpf":["map_read","map_write"]}},"inherit":[{"kind":"System","name":"container"}]}}
  creationTimestamp: "2025-01-21T15:08:04Z"
  finalizers:
  - ci-ln-jdyin4t-72292-tqgkv-master-2-deleted
  - ci-ln-jdyin4t-72292-tqgkv-worker-b-p5kjg-deleted
  - ci-ln-jdyin4t-72292-tqgkv-master-0-deleted
  - ci-ln-jdyin4t-72292-tqgkv-worker-a-4xq5t-deleted
  - ci-ln-jdyin4t-72292-tqgkv-master-1-deleted
  - ci-ln-jdyin4t-72292-tqgkv-worker-c-kbfzc-deleted
  - in-use-by-active-pods
  generation: 1
  labels:
    spo.x-k8s.io/profile-id: SelinuxProfile-bpfman-secure
  name: bpfman-secure
  namespace: go-xdp-counter
  resourceVersion: "69314"
  uid: ad0b3724-f565-43e4-8fb8-8c496550cef2
spec:
  allow:
    '@self':
      bpf:
      - map_read
      - map_write
    spc_t:
      bpf:
      - map_read
      - map_write
  disabled: false
  inherit:
  - kind: System
    name: container
  permissive: false
status:
  activeWorkloads:
  - go-xdp-counter/go-xdp-counter-ds-vgf8z
  - go-xdp-counter/go-xdp-counter-ds-dt655
  - go-xdp-counter/go-xdp-counter-ds-xbqmw
  - go-xdp-counter/go-xdp-counter-ds-f2mtc
  - go-xdp-counter/go-xdp-counter-ds-tt56w
  - go-xdp-counter/go-xdp-counter-ds-kgt85
  conditions:
  - lastTransitionTime: "2025-01-21T15:08:45Z"
    reason: Available
    status: "True"
    type: Ready
  status: Installed
  usage: bpfman-secure_go-xdp-counter.process


After a few minutes, when the pod is verified to be working properly, remove the pod.

SelinuxProfile After Application Pod Deleted

$ kubectl get selinuxprofiles -n go-xdp-counter  bpfman-secure -o yaml
apiVersion: security-profiles-operator.x-k8s.io/v1alpha2
kind: SelinuxProfile
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"security-profiles-operator.x-k8s.io/v1alpha2","kind":"SelinuxProfile","metadata":{"annotations":{},"name":"bpfman-secure","namespace":"go-xdp-counter"},"spec":{"allow":{"@self":{"bpf":["map_read","map_write"]},"spc_t":{"bpf":["map_read","map_write"]}},"inherit":[{"kind":"System","name":"container"}]}}
  creationTimestamp: "2025-01-21T15:08:04Z"
  finalizers:
  - ci-ln-jdyin4t-72292-tqgkv-master-2-deleted
  - ci-ln-jdyin4t-72292-tqgkv-worker-b-p5kjg-deleted
  - ci-ln-jdyin4t-72292-tqgkv-master-0-deleted
  - ci-ln-jdyin4t-72292-tqgkv-worker-a-4xq5t-deleted
  - ci-ln-jdyin4t-72292-tqgkv-master-1-deleted
  - ci-ln-jdyin4t-72292-tqgkv-worker-c-kbfzc-deleted
  generation: 1
  labels:
    spo.x-k8s.io/profile-id: SelinuxProfile-bpfman-secure
  name: bpfman-secure
  namespace: go-xdp-counter
  resourceVersion: "70392"
  uid: ad0b3724-f565-43e4-8fb8-8c496550cef2
spec:
  allow:
    '@self':
      bpf:
      - map_read
      - map_write
    spc_t:
      bpf:
      - map_read
      - map_write
  disabled: false
  inherit:
  - kind: System
    name: container
  permissive: false
status:
  conditions:
  - lastTransitionTime: "2025-01-21T15:08:45Z"
    reason: Available
    status: "True"
    type: Ready
  status: Installed
  usage: bpfman-secure_go-xdp-counter.process

Then attempt to delete the SelinuxProfile and the command hangs.

SelinuxProfile After Attempting to delete SelinuxProfile

$ kubectl get selinuxprofiles -n go-xdp-counter  bpfman-secure -o yaml
apiVersion: security-profiles-operator.x-k8s.io/v1alpha2
kind: SelinuxProfile
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"security-profiles-operator.x-k8s.io/v1alpha2","kind":"SelinuxProfile","metadata":{"annotations":{},"name":"bpfman-secure","namespace":"go-xdp-counter"},"spec":{"allow":{"@self":{"bpf":["map_read","map_write"]},"spc_t":{"bpf":["map_read","map_write"]}},"inherit":[{"kind":"System","name":"container"}]}}
  creationTimestamp: "2025-01-21T15:08:04Z"
  deletionGracePeriodSeconds: 0
  deletionTimestamp: "2025-01-21T15:22:55Z"
  finalizers:
  - ci-ln-jdyin4t-72292-tqgkv-master-2-deleted
  - ci-ln-jdyin4t-72292-tqgkv-worker-b-p5kjg-deleted
  - ci-ln-jdyin4t-72292-tqgkv-master-0-deleted
  - ci-ln-jdyin4t-72292-tqgkv-worker-a-4xq5t-deleted
  - ci-ln-jdyin4t-72292-tqgkv-master-1-deleted
  - ci-ln-jdyin4t-72292-tqgkv-worker-c-kbfzc-deleted
  generation: 2
  labels:
    spo.x-k8s.io/profile-id: SelinuxProfile-bpfman-secure
  name: bpfman-secure
  namespace: go-xdp-counter
  resourceVersion: "71281"
  uid: ad0b3724-f565-43e4-8fb8-8c496550cef2
spec:
  allow:
    '@self':
      bpf:
      - map_read
      - map_write
    spc_t:
      bpf:
      - map_read
      - map_write
  disabled: false
  inherit:
  - kind: System
    name: container
  permissive: false
status:
  conditions:
  - lastTransitionTime: "2025-01-21T15:22:55Z"
    reason: Deleting
    status: "False"
    type: Ready
  status: Terminating
  usage: bpfman-secure_go-xdp-counter.process

security-profiles-operator Logs

$ kubectl logs -n openshift-security-profiles security-profiles-operator-7c4f8fcc46-frjrg
I0121 14:52:42.289339       1 main.go:263] "Set logging verbosity to 0"
I0121 14:52:42.289365       1 main.go:269] "Profiling support enabled: false"
I0121 14:52:42.289448       1 main.go:289] "starting component: security-profiles-operator" logger="setup" version="0.8.4" gitCommit="unknown" gitCommitDate="unknown" gitTreeState="clean" buildDate="2024-12-05T09:06:06Z" goVersion="go1.21.13 (Red Hat 1.21.13-3.module+el8.10.0+22345+acdd8d0e)" compiler="gc" platform="linux/amd64" libseccomp="2.5.2" libbpf="none" buildTags="netgo,osusergo,seccomp,no_bpf" ldFlags="unknown" cgoldFlags="unknown" dependencies="..."
I0121 14:52:42.290778       1 main.go:368] "watching all namespaces" logger="setup"
I0121 14:52:42.315458       1 setup.go:174] "matched selinuxd image against nodeInfo" logger="spod-config" image="registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:e70bc58c180655b98f5f1cda84d1314f57f9df919cd184183d91544e26849dd0"
I0121 14:52:42.329700       1 main.go:351] "starting manager" logger="setup"
I0121 14:52:42.329787       1 server.go:185] "Starting metrics server" logger="controller-runtime.metrics"
I0121 14:52:42.330277       1 server.go:224] "Serving metrics server" logger="controller-runtime.metrics" bindAddress=":8080" secure=false
I0121 14:52:42.530968       1 leaderelection.go:250] attempting to acquire leader lease openshift-security-profiles/security-profiles-operator-lock...
I0121 14:52:42.551338       1 leaderelection.go:260] successfully acquired lease openshift-security-profiles/security-profiles-operator-lock
I0121 14:52:42.551682       1 controller.go:178] "Starting EventSource" controller="nodestatus" controllerGroup="security-profiles-operator.x-k8s.io" controllerKind="SecurityProfileNodeStatus" source="kind source: *v1alpha1.SecurityProfileNodeStatus"
I0121 14:52:42.551803       1 controller.go:186] "Starting Controller" controller="nodestatus" controllerGroup="security-profiles-operator.x-k8s.io" controllerKind="SecurityProfileNodeStatus"
I0121 14:52:42.551798       1 controller.go:178] "Starting EventSource" controller="policymerger" controllerGroup="security-profiles-operator.x-k8s.io" controllerKind="ProfileRecording" source="kind source: *v1alpha1.ProfileRecording"
I0121 14:52:42.551864       1 controller.go:178] "Starting EventSource" controller="pods" controllerGroup="" controllerKind="Pod" source="kind source: *v1.Pod"
I0121 14:52:42.551887       1 controller.go:186] "Starting Controller" controller="policymerger" controllerGroup="security-profiles-operator.x-k8s.io" controllerKind="ProfileRecording"
I0121 14:52:42.551733       1 controller.go:178] "Starting EventSource" controller="spod-config" controllerGroup="security-profiles-operator.x-k8s.io" controllerKind="SecurityProfilesOperatorDaemon" source="kind source: *v1alpha1.SecurityProfilesOperatorDaemon"
I0121 14:52:42.552041       1 controller.go:178] "Starting EventSource" controller="spod-config" controllerGroup="security-profiles-operator.x-k8s.io" controllerKind="SecurityProfilesOperatorDaemon" source="kind source: *v1.DaemonSet"
I0121 14:52:42.552073       1 controller.go:186] "Starting Controller" controller="spod-config" controllerGroup="security-profiles-operator.x-k8s.io" controllerKind="SecurityProfilesOperatorDaemon"
I0121 14:52:42.551942       1 controller.go:186] "Starting Controller" controller="pods" controllerGroup="" controllerKind="Pod"
I0121 14:52:42.652466       1 controller.go:220] "Starting workers" controller="policymerger" controllerGroup="security-profiles-operator.x-k8s.io" controllerKind="ProfileRecording" worker count=1
I0121 14:52:42.652524       1 controller.go:220] "Starting workers" controller="nodestatus" controllerGroup="security-profiles-operator.x-k8s.io" controllerKind="SecurityProfileNodeStatus" worker count=1
I0121 14:52:42.654910       1 controller.go:220] "Starting workers" controller="pods" controllerGroup="" controllerKind="Pod" worker count=1
I0121 14:52:42.654970       1 controller.go:220] "Starting workers" controller="spod-config" controllerGroup="security-profiles-operator.x-k8s.io" controllerKind="SecurityProfilesOperatorDaemon" worker count=1
I0121 14:52:42.655139       1 spod_controller.go:244] "Adding an initial status to the SPOD instance" logger="spod-config" profile="spod" namespace="openshift-security-profiles"
I0121 14:52:42.871005       1 ca.go:59] "Using OpenShift as certificate provider" logger="spod-config"
I0121 14:52:42.871264       1 spod_controller.go:325] "Deploying operator webhook" logger="spod-config"
I0121 14:52:42.932075       1 warning_handler.go:65] "spec.template.metadata.annotations[seccomp.security.alpha.kubernetes.io/pod]: non-functional in v1.27+; use the \"seccompProfile\" field instead" logger="KubeAPIWarningLogger"
I0121 14:52:42.932189       1 spod_controller.go:331] "Creating operator resources" logger="spod-config"
I0121 14:52:42.932211       1 spod_controller.go:336] "Deploying operator daemonset" logger="spod-config"
I0121 14:52:42.949952       1 spod_controller.go:344] "Deploying operator default profiles" logger="spod-config"
I0121 14:52:42.949981       1 spod_controller.go:359] "Deploying metrics service" logger="spod-config"
I0121 14:52:42.985388       1 spod_controller.go:367] "Deploying operator service monitor" logger="spod-config"
I0121 14:52:43.018563       1 spod_controller.go:259] "Adding 'Creating' status to the SPOD instance" logger="spod-config" profile="spod" namespace="openshift-security-profiles"
I0121 14:52:43.046563       1 ca.go:59] "Using OpenShift as certificate provider" logger="spod-config"
I0121 14:52:43.148695       1 spod_controller.go:298] "Adding 'Running' status to the SPOD instance" logger="spod-config" profile="spod" namespace="openshift-security-profiles"
I0121 14:52:43.184557       1 ca.go:59] "Using OpenShift as certificate provider" logger="spod-config"
I0121 14:53:36.865842       1 ca.go:59] "Using OpenShift as certificate provider" logger="spod-config"

<TRIM Repeated logs>

I0121 15:06:44.349911       1 ca.go:59] "Using OpenShift as certificate provider" logger="spod-config"
I0121 15:07:11.504461       1 ca.go:59] "Using OpenShift as certificate provider" logger="spod-config"
I0121 15:07:38.658546       1 ca.go:59] "Using OpenShift as certificate provider" logger="spod-config"
I0121 15:08:05.001413       1 nodestatus.go:134] "Initializing Profile status" logger="nodestatus" nodeStatus="bpfman-secure-ci-ln-jdyin4t-72292-tqgkv-master-2" namespace="go-xdp-counter" Profile.Name="bpfman-secure" Profile.Namespace="go-xdp-counter" Profile.Kind="security-profiles-operator.x-k8s.io/v1alpha2, Kind=SelinuxProfile"
I0121 15:08:05.013816       1 nodestatus.go:174] "Not updating policy: not all statuses are ready" logger="nodestatus" nodeStatus="bpfman-secure-ci-ln-jdyin4t-72292-tqgkv-master-2" namespace="go-xdp-counter" has=1 wants=6
I0121 15:08:05.562985       1 nodestatus.go:174] "Not updating policy: not all statuses are ready" logger="nodestatus" nodeStatus="bpfman-secure-ci-ln-jdyin4t-72292-tqgkv-worker-b-p5kjg" namespace="go-xdp-counter" has=2 wants=6
I0121 15:08:05.567573       1 nodestatus.go:174] "Not updating policy: not all statuses are ready" logger="nodestatus" nodeStatus="bpfman-secure-ci-ln-jdyin4t-72292-tqgkv-master-0" namespace="go-xdp-counter" has=3 wants=6
I0121 15:08:05.588406       1 nodestatus.go:174] "Not updating policy: not all statuses are ready" logger="nodestatus" nodeStatus="bpfman-secure-ci-ln-jdyin4t-72292-tqgkv-master-0" namespace="go-xdp-counter" has=3 wants=6
I0121 15:08:05.588617       1 nodestatus.go:174] "Not updating policy: not all statuses are ready" logger="nodestatus" nodeStatus="bpfman-secure-ci-ln-jdyin4t-72292-tqgkv-worker-b-p5kjg" namespace="go-xdp-counter" has=3 wants=6
I0121 15:08:05.813337       1 ca.go:59] "Using OpenShift as certificate provider" logger="spod-config"
I0121 15:08:06.268048       1 nodestatus.go:174] "Not updating policy: not all statuses are ready" logger="nodestatus" nodeStatus="bpfman-secure-ci-ln-jdyin4t-72292-tqgkv-worker-a-4xq5t" namespace="go-xdp-counter" has=4 wants=6
I0121 15:08:06.280803       1 nodestatus.go:174] "Not updating policy: not all statuses are ready" logger="nodestatus" nodeStatus="bpfman-secure-ci-ln-jdyin4t-72292-tqgkv-worker-a-4xq5t" namespace="go-xdp-counter" has=4 wants=6
I0121 15:08:06.299221       1 nodestatus.go:174] "Not updating policy: not all statuses are ready" logger="nodestatus" nodeStatus="bpfman-secure-ci-ln-jdyin4t-72292-tqgkv-master-1" namespace="go-xdp-counter" has=5 wants=6
I0121 15:08:06.310042       1 nodestatus.go:174] "Not updating policy: not all statuses are ready" logger="nodestatus" nodeStatus="bpfman-secure-ci-ln-jdyin4t-72292-tqgkv-master-1" namespace="go-xdp-counter" has=5 wants=6
I0121 15:08:32.968391       1 ca.go:59] "Using OpenShift as certificate provider" logger="spod-config"
I0121 15:09:00.122928       1 ca.go:59] "Using OpenShift as certificate provider" logger="spod-config"

<TRIM Repeated logs>

I0121 15:17:36.059258       1 ca.go:59] "Using OpenShift as certificate provider" logger="spod-config"
I0121 15:18:03.213207       1 ca.go:59] "Using OpenShift as certificate provider" logger="spod-config"
I0121 15:18:11.470886       1 warning_handler.go:65] "metadata.finalizers: \"in-use-by-active-pods\": prefer a domain-qualified finalizer name to avoid accidental conflicts with other finalizer writers" logger="KubeAPIWarningLogger"
I0121 15:18:30.368250       1 ca.go:59] "Using OpenShift as certificate provider" logger="spod-config"
I0121 15:18:57.522490       1 ca.go:59] "Using OpenShift as certificate provider" logger="spod-config"

<TRIM Repeated logs>

I0121 15:24:23.375636       1 ca.go:59] "Using OpenShift as certificate provider" logger="spod-config"
I0121 15:24:50.530151       1 ca.go:59] "Using OpenShift as certificate provider" logger="spod-config"

What you expected to happen:

SelinuxProfile is cleaned up correctly

How to reproduce it (as minimally and precisely as possible):

Spin up an Openshift 4.18-nightly cluster with 3 master and 3 worker nodes on GCP

$ kubectl version
Client Version: v1.28.2
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.31.4

First deployed the security-profiles-operator on Openshift 4.18-nightly with 3 master and 3 worker nodes via OperatorHub and the OCP Console.

Install a SelinuxProfile, use it in a pod, then delete it.

Anything else we need to know?:

Environment:

  • Cloud provider or hardware configuration: OCP on GCP
  • OS (e.g: cat /etc/os-release):
sh-5.1# cat /etc/os-release
NAME="Red Hat Enterprise Linux"
VERSION="9.4 (Plow)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="9.4"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Red Hat Enterprise Linux 9.4 (Plow)"
ANSI_COLOR="0;31"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:redhat:enterprise_linux:9::baseos"
HOME_URL="https://www.redhat.com/"
DOCUMENTATION_URL="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9"
BUG_REPORT_URL="https://issues.redhat.com/"

REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 9"
REDHAT_BUGZILLA_PRODUCT_VERSION=9.4
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.4"
  • Kernel (e.g. uname -a):
sh-5.1# uname -a
Linux ci-ln-jdyin4t-72292-tqgkv-master-0 5.14.0-427.52.1.el9_4.x86_64 #1 SMP PREEMPT_DYNAMIC Fri Jan 17 15:44:08 EST 2025 x86_64 x86_64 x86_64 GNU/Linux
  • Others:
@Billy99 Billy99 added the kind/bug Categorizes issue or PR as related to a bug. label Jan 21, 2025

Billy99 commented Jan 21, 2025

spod "security-profiles-operator" Logs

$ kubectl logs -n openshift-security-profiles spod-h6ngk
Defaulted container "security-profiles-operator" out of: security-profiles-operator, selinuxd, metrics, non-root-enabler (init), selinux-shared-policies-copier (init)
I0121 14:53:34.768441       1 main.go:263] "Set logging verbosity to 0"
I0121 14:53:34.768472       1 main.go:269] "Profiling support enabled: false"
I0121 14:53:34.768566       1 main.go:289] "starting component: spod" logger="setup" version="0.8.4" gitCommit="unknown" gitCommitDate="unknown" gitTreeState="clean" buildDate="2024-12-05T09:06:06Z" goVersion="go1.21.13 (Red Hat 1.21.13-3.module+el8.10.0+22345+acdd8d0e)" compiler="gc" platform="linux/amd64" libseccomp="2.5.2" libbpf="none" buildTags="netgo,osusergo,seccomp,no_bpf" ldFlags="unknown" cgoldFlags="unknown" dependencies="<TRIM dependency list>"
I0121 14:53:34.769959       1 metrics.go:218] "Registering metric: selinux_profile_audit_total" logger="metrics"
I0121 14:53:34.770001       1 metrics.go:218] "Registering metric: selinux_profile_error_total" logger="metrics"
I0121 14:53:34.770014       1 metrics.go:218] "Registering metric: apparmor_profile_audit_total" logger="metrics"
I0121 14:53:34.770024       1 metrics.go:218] "Registering metric: apparmor_profile_error_total" logger="metrics"
I0121 14:53:34.770034       1 metrics.go:218] "Registering metric: seccomp_profile_total" logger="metrics"
I0121 14:53:34.770042       1 metrics.go:218] "Registering metric: seccomp_profile_audit_total" logger="metrics"
I0121 14:53:34.770052       1 metrics.go:218] "Registering metric: seccomp_profile_bpf_total" logger="metrics"
I0121 14:53:34.770072       1 metrics.go:218] "Registering metric: seccomp_profile_error_total" logger="metrics"
I0121 14:53:34.770085       1 metrics.go:218] "Registering metric: selinux_profile_total" logger="metrics"
I0121 14:53:34.770095       1 metrics.go:218] "Registering metric: apparmor_profile_total" logger="metrics"
I0121 14:53:34.771813       1 main.go:368] "watching all namespaces" logger="setup"
I0121 14:53:34.771829       1 grpc.go:60] "Starting GRPC server API" logger="metrics"
I0121 14:53:34.773063       1 main.go:497] "starting daemon" logger="setup"
I0121 14:53:34.773144       1 server.go:185] "Starting metrics server" logger="controller-runtime.metrics"
I0121 14:53:34.773174       1 server.go:50] "starting server" kind="health probe" addr="[::]:8085"
I0121 14:53:34.773266       1 server.go:224] "Serving metrics server" logger="controller-runtime.metrics" bindAddress=":8080" secure=false
I0121 14:53:34.773538       1 controller.go:178] "Starting EventSource" controller="profile" controllerGroup="security-profiles-operator.x-k8s.io" controllerKind="SeccompProfile" source="kind source: *v1beta1.SeccompProfile"
I0121 14:53:34.773668       1 controller.go:178] "Starting EventSource" controller="profile" controllerGroup="security-profiles-operator.x-k8s.io" controllerKind="SeccompProfile" source="kind source: *v1alpha1.SecurityProfilesOperatorDaemon"
I0121 14:53:34.773719       1 controller.go:186] "Starting Controller" controller="profile" controllerGroup="security-profiles-operator.x-k8s.io" controllerKind="SeccompProfile"
I0121 14:53:34.773598       1 controller.go:178] "Starting EventSource" controller="rawselinuxprofile" controllerGroup="security-profiles-operator.x-k8s.io" controllerKind="RawSelinuxProfile" source="kind source: *v1alpha2.RawSelinuxProfile"
I0121 14:53:34.773852       1 controller.go:186] "Starting Controller" controller="rawselinuxprofile" controllerGroup="security-profiles-operator.x-k8s.io" controllerKind="RawSelinuxProfile"
I0121 14:53:34.774332       1 controller.go:178] "Starting EventSource" controller="selinuxprofile" controllerGroup="security-profiles-operator.x-k8s.io" controllerKind="SelinuxProfile" source="kind source: *v1alpha2.SelinuxProfile"
I0121 14:53:34.774432       1 controller.go:186] "Starting Controller" controller="selinuxprofile" controllerGroup="security-profiles-operator.x-k8s.io" controllerKind="SelinuxProfile"
I0121 14:53:34.890384       1 controller.go:220] "Starting workers" controller="profile" controllerGroup="security-profiles-operator.x-k8s.io" controllerKind="SeccompProfile" worker count=1
I0121 14:53:34.892742       1 controller.go:220] "Starting workers" controller="selinuxprofile" controllerGroup="security-profiles-operator.x-k8s.io" controllerKind="SelinuxProfile" worker count=1
I0121 14:53:34.892842       1 controller.go:220] "Starting workers" controller="rawselinuxprofile" controllerGroup="security-profiles-operator.x-k8s.io" controllerKind="RawSelinuxProfile" worker count=1
I0121 15:08:04.858712       1 common_controller.go:162] "Reconciling object in selinuxprofile" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"
I0121 15:08:04.975131       1 warning_handler.go:65] "metadata.finalizers: \"ci-ln-jdyin4t-72292-tqgkv-worker-a-4xq5t-deleted\": prefer a domain-qualified finalizer name to avoid accidental conflicts with other finalizer writers" logger="KubeAPIWarningLogger"
I0121 15:08:06.269714       1 common_controller.go:276] "Checking if policy deployed" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure" policyName="bpfman-secure"
I0121 15:08:06.282311       1 common_controller.go:162] "Reconciling object in selinuxprofile" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"
I0121 15:08:06.283184       1 common_controller.go:276] "Checking if policy deployed" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure" policyName="bpfman-secure"
I0121 15:08:06.293061       1 common_controller.go:162] "Reconciling object in selinuxprofile" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"

<TRIM Repeated logs>

I0121 15:08:20.405135       1 common_controller.go:276] "Checking if policy deployed" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure" policyName="bpfman-secure"
I0121 15:08:20.405820       1 common_controller.go:309] "Policy deployed" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure" status="Installed"
I0121 15:08:22.216443       1 common_controller.go:162] "Reconciling object in selinuxprofile" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"
I0121 15:08:22.217310       1 common_controller.go:276] "Checking if policy deployed" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure" policyName="bpfman-secure"
I0121 15:08:22.217834       1 common_controller.go:309] "Policy deployed" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure" status="Installed"
I0121 15:08:45.302031       1 common_controller.go:162] "Reconciling object in selinuxprofile" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"

<TRIM Repeated logs>

I0121 15:22:41.907032       1 common_controller.go:276] "Checking if policy deployed" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure" policyName="bpfman-secure"
I0121 15:22:41.907555       1 common_controller.go:309] "Policy deployed" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure" status="Installed"
I0121 15:22:55.519197       1 common_controller.go:162] "Reconciling object in selinuxprofile" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"
I0121 15:22:55.537806       1 common_controller.go:396] "Removing policy file" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure" policyPath="/etc/selinux.d/bpfman-secure_go-xdp-counter.cil"
I0121 15:22:55.537917       1 common_controller.go:219] "Re-queueing delete request to make sure the policy is gone" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"
I0121 15:22:55.543760       1 common_controller.go:162] "Reconciling object in selinuxprofile" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"
I0121 15:22:55.554725       1 common_controller.go:396] "Removing policy file" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure" policyPath="/etc/selinux.d/bpfman-secure_go-xdp-counter.cil"
I0121 15:22:55.554937       1 common_controller.go:359] "Checking if policy is removed" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure" policyName="bpfman-secure"
I0121 15:22:55.556470       1 common_controller.go:373] "Policy still installed, requeue" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"
I0121 15:22:55.556604       1 common_controller.go:219] "Re-queueing delete request to make sure the policy is gone" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"
I0121 15:22:55.567057       1 common_controller.go:162] "Reconciling object in selinuxprofile" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"
I0121 15:22:55.577743       1 common_controller.go:396] "Removing policy file" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure" policyPath="/etc/selinux.d/bpfman-secure_go-xdp-counter.cil"
I0121 15:22:55.577818       1 common_controller.go:359] "Checking if policy is removed" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure" policyName="bpfman-secure"
I0121 15:22:55.578220       1 common_controller.go:373] "Policy still installed, requeue" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"
I0121 15:22:55.578249       1 common_controller.go:219] "Re-queueing delete request to make sure the policy is gone" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"
I0121 15:22:55.578324       1 common_controller.go:162] "Reconciling object in selinuxprofile" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"
I0121 15:22:55.588132       1 common_controller.go:396] "Removing policy file" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure" policyPath="/etc/selinux.d/bpfman-secure_go-xdp-counter.cil"
I0121 15:22:55.588209       1 common_controller.go:359] "Checking if policy is removed" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure" policyName="bpfman-secure"
I0121 15:22:55.588590       1 common_controller.go:373] "Policy still installed, requeue" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"
I0121 15:22:55.588618       1 common_controller.go:219] "Re-queueing delete request to make sure the policy is gone" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"
I0121 15:22:55.599061       1 common_controller.go:162] "Reconciling object in selinuxprofile" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"
I0121 15:22:55.609450       1 common_controller.go:396] "Removing policy file" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure" policyPath="/etc/selinux.d/bpfman-secure_go-xdp-counter.cil"
I0121 15:22:55.609542       1 common_controller.go:359] "Checking if policy is removed" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure" policyName="bpfman-secure"
I0121 15:22:55.610032       1 common_controller.go:373] "Policy still installed, requeue" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"
I0121 15:22:55.610060       1 common_controller.go:219] "Re-queueing delete request to make sure the policy is gone" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"
I0121 15:22:55.690652       1 common_controller.go:162] "Reconciling object in selinuxprofile" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"
I0121 15:22:55.702382       1 common_controller.go:396] "Removing policy file" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure" policyPath="/etc/selinux.d/bpfman-secure_go-xdp-counter.cil"
I0121 15:22:55.702518       1 common_controller.go:359] "Checking if policy is removed" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure" policyName="bpfman-secure"
I0121 15:22:55.702874       1 common_controller.go:373] "Policy still installed, requeue" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"
I0121 15:22:55.702959       1 common_controller.go:219] "Re-queueing delete request to make sure the policy is gone" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"
I0121 15:22:55.863678       1 common_controller.go:162] "Reconciling object in selinuxprofile" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"
I0121 15:22:55.875892       1 common_controller.go:396] "Removing policy file" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure" policyPath="/etc/selinux.d/bpfman-secure_go-xdp-counter.cil"
I0121 15:22:55.875953       1 common_controller.go:359] "Checking if policy is removed" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure" policyName="bpfman-secure"
I0121 15:22:55.876295       1 common_controller.go:373] "Policy still installed, requeue" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"
I0121 15:22:55.876399       1 common_controller.go:219] "Re-queueing delete request to make sure the policy is gone" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"
I0121 15:22:56.196836       1 common_controller.go:162] "Reconciling object in selinuxprofile" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"
I0121 15:22:56.207543       1 common_controller.go:396] "Removing policy file" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure" policyPath="/etc/selinux.d/bpfman-secure_go-xdp-counter.cil"
I0121 15:22:56.207606       1 common_controller.go:359] "Checking if policy is removed" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure" policyName="bpfman-secure"
I0121 15:22:56.207907       1 common_controller.go:373] "Policy still installed, requeue" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"
I0121 15:22:56.207932       1 common_controller.go:219] "Re-queueing delete request to make sure the policy is gone" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"
I0121 15:22:56.849047       1 common_controller.go:162] "Reconciling object in selinuxprofile" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"
I0121 15:22:56.862478       1 common_controller.go:396] "Removing policy file" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure" policyPath="/etc/selinux.d/bpfman-secure_go-xdp-counter.cil"
I0121 15:22:56.862563       1 common_controller.go:359] "Checking if policy is removed" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure" policyName="bpfman-secure"
I0121 15:22:56.862942       1 common_controller.go:373] "Policy still installed, requeue" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"
I0121 15:22:56.862966       1 common_controller.go:219] "Re-queueing delete request to make sure the policy is gone" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"
I0121 15:22:58.143666       1 common_controller.go:162] "Reconciling object in selinuxprofile" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"
I0121 15:22:58.153481       1 common_controller.go:396] "Removing policy file" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure" policyPath="/etc/selinux.d/bpfman-secure_go-xdp-counter.cil"
I0121 15:22:58.153567       1 common_controller.go:359] "Checking if policy is removed" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure" policyName="bpfman-secure"
I0121 15:22:58.153928       1 common_controller.go:373] "Policy still installed, requeue" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"
I0121 15:22:58.153956       1 common_controller.go:219] "Re-queueing delete request to make sure the policy is gone" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"
I0121 15:23:00.714301       1 common_controller.go:162] "Reconciling object in selinuxprofile" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"
I0121 15:23:00.726908       1 common_controller.go:396] "Removing policy file" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure" policyPath="/etc/selinux.d/bpfman-secure_go-xdp-counter.cil"
I0121 15:23:00.726986       1 common_controller.go:359] "Checking if policy is removed" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure" policyName="bpfman-secure"
I0121 15:23:00.727305       1 common_controller.go:373] "Policy still installed, requeue" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"
I0121 15:23:00.727427       1 common_controller.go:219] "Re-queueing delete request to make sure the policy is gone" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"
I0121 15:23:05.848386       1 common_controller.go:162] "Reconciling object in selinuxprofile" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"
<TRIM Repeated logs>
I0121 15:29:37.884007       1 common_controller.go:162] "Reconciling object in selinuxprofile" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"


spod "selinuxd" Logs

$ kubectl logs -n openshift-security-profiles spod-h6ngk -c selinuxd
{"level":"info","ts":1737471219.1636744,"caller":"version/version.go:42","msg":"selinuxd information","version":"","buildDate":"'2024-12-05T08:49:01Z'","compiler":"gc","platform":"linux/amd64"}
{"level":"info","ts":1737471219.1644113,"caller":"daemon/daemon.go:31","msg":"Started daemon"}
{"level":"info","ts":1737471219.1724286,"logger":"state-server","caller":"daemon/status_server.go:178","msg":"Serving status","path":"/var/run/selinuxd/selinuxd.sock","uid":0,"gid":65535}
{"level":"info","ts":1737471219.1728737,"caller":"daemon/status_server.go:75","msg":"Status Server got READY signal"}
{"level":"info","ts":1737472086.2697296,"logger":"file-watcher","caller":"daemon/daemon.go:94","msg":"Installing policy","file":"/etc/selinux.d/bpfman-secure_go-xdp-counter.cil"}
{"level":"info","ts":1737472086.2698317,"logger":"file-watcher","caller":"daemon/daemon.go:94","msg":"Installing policy","file":"/etc/selinux.d/bpfman-secure_go-xdp-counter.cil"}
{"level":"info","ts":1737472097.5827088,"caller":"policycoreutils/policycoreutils.go:45","msg":"Installing policy","modulePath":"/etc/selinux.d/bpfman-secure_go-xdp-counter.cil","output":""}
{"level":"info","ts":1737472097.6020172,"logger":"policy-installer","caller":"daemon/daemon.go:131","msg":"The operation was successful","operation":"install - /etc/selinux.d/bpfman-secure_go-xdp-counter.cil"}
{"level":"info","ts":1737472097.602442,"logger":"policy-installer","caller":"daemon/daemon.go:131","msg":"The operation was successful","operation":"install - /etc/selinux.d/bpfman-secure_go-xdp-counter.cil"}
{"level":"info","ts":1737472975.537969,"logger":"file-watcher","caller":"daemon/daemon.go:91","msg":"Removing policy","file":"/etc/selinux.d/bpfman-secure_go-xdp-counter.cil"}
{"level":"info","ts":1737472989.1514392,"caller":"policycoreutils/policycoreutils.go:72","msg":"Removing a policy","output":"libsemanage.semanage_direct_remove_key: Removing last bpfman-secure_go-xdp-counter module (no other bpfman-secure_go-xdp-counter module exists at another priority).\n"}
{"level":"info","ts":1737472989.1544476,"logger":"policy-installer","caller":"daemon/daemon.go:131","msg":"The operation was successful","operation":"remove - /etc/selinux.d/bpfman-secure_go-xdp-counter.cil"}


Billy99 commented Jan 23, 2025

After further testing, if I have all the objects in the same yaml file, the delete hangs and the SelinuxProfile and Namespace fail to delete.

$ kubectl apply -f xdp.yaml
namespace "go-xdp-counter" created
selinuxprofile.security-profiles-operator.x-k8s.io/bpfman-secure created
serviceaccount/bpfman-app-go-xdp-counter created
clusterrolebinding.rbac.authorization.k8s.io/xdp-binding created
daemonset.apps/go-xdp-counter-ds created
xdpprogram.bpfman.io/go-xdp-counter-example created

$ kubectl delete -f xdp.yaml
namespace "go-xdp-counter" deleted
selinuxprofile.security-profiles-operator.x-k8s.io "bpfman-secure" deleted
serviceaccount "bpfman-app-go-xdp-counter" deleted
clusterrolebinding.rbac.authorization.k8s.io "xdp-binding" deleted
daemonset.apps "go-xdp-counter-ds" deleted
xdpprogram.bpfman.io "go-xdp-counter-example" deleted
<HANG>

But if I separate out the Namespace, it succeeds:

$ kubectl apply -f xdp-ns.yaml
namespace "go-xdp-counter" created

$ kubectl apply -f xdp.yaml
selinuxprofile.security-profiles-operator.x-k8s.io/bpfman-secure created
serviceaccount/bpfman-app-go-xdp-counter created
clusterrolebinding.rbac.authorization.k8s.io/xdp-binding created
daemonset.apps/go-xdp-counter-ds created
xdpprogram.bpfman.io/go-xdp-counter-example created

$ kubectl delete -f xdp.yaml
selinuxprofile.security-profiles-operator.x-k8s.io "bpfman-secure" deleted
serviceaccount "bpfman-app-go-xdp-counter" deleted
clusterrolebinding.rbac.authorization.k8s.io "xdp-binding" deleted
daemonset.apps "go-xdp-counter-ds" deleted
xdpprogram.bpfman.io "go-xdp-counter-example" deleted

<WAIT UNTIL SELINUX-PROFILE DELETES>

$ kubectl delete -f xdp-ns.yaml
namespace "go-xdp-counter" deleted

When it hangs:

Namespace

$ kubectl get namespaces go-xdp-counter -o yaml
apiVersion: v1
kind: Namespace
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{},"labels":{"pod-security.kubernetes.io/enforce":"privileged","pod-security.kubernetes.io/warn":"privileged"},"name":"go-xdp-counter"}}
    openshift.io/sa.scc.mcs: s0:c28,c2
    openshift.io/sa.scc.supplemental-groups: 1000760000/10000
    openshift.io/sa.scc.uid-range: 1000760000/10000
  creationTimestamp: "2025-01-23T16:30:48Z"
  deletionTimestamp: "2025-01-23T16:37:36Z"
  labels:
    kubernetes.io/metadata.name: go-xdp-counter
    pod-security.kubernetes.io/audit: privileged
    pod-security.kubernetes.io/audit-version: latest
    pod-security.kubernetes.io/enforce: privileged
    pod-security.kubernetes.io/warn: privileged
    pod-security.kubernetes.io/warn-version: latest
  name: go-xdp-counter
  resourceVersion: "54529"
  uid: 3ece8563-9141-4c29-aa71-9f5aa7ff8d95
spec:
  finalizers:
  - kubernetes
status:
  conditions:
  - lastTransitionTime: "2025-01-23T16:37:44Z"
    message: All resources successfully discovered
    reason: ResourcesDiscovered
    status: "False"
    type: NamespaceDeletionDiscoveryFailure
  - lastTransitionTime: "2025-01-23T16:37:44Z"
    message: All legacy kube types successfully parsed
    reason: ParsedGroupVersions
    status: "False"
    type: NamespaceDeletionGroupVersionParsingFailure
  - lastTransitionTime: "2025-01-23T16:37:44Z"
    message: All content successfully deleted, may be waiting on finalization
    reason: ContentDeleted
    status: "False"
    type: NamespaceDeletionContentFailure
  - lastTransitionTime: "2025-01-23T16:37:44Z"
    message: 'Some resources are remaining: selinuxprofiles.security-profiles-operator.x-k8s.io
      has 1 resource instances'
    reason: SomeResourcesRemain
    status: "True"
    type: NamespaceContentRemaining
  - lastTransitionTime: "2025-01-23T16:37:44Z"
    message: 'Some content in the namespace has finalizers remaining: ci-ln-kflnbkt-72292-f9jll-master-0-deleted
      in 1 resource instances, ci-ln-kflnbkt-72292-f9jll-master-1-deleted in 1 resource
      instances, ci-ln-kflnbkt-72292-f9jll-master-2-deleted in 1 resource instances,
      ci-ln-kflnbkt-72292-f9jll-worker-a-sttsj-deleted in 1 resource instances, ci-ln-kflnbkt-72292-f9jll-worker-b-9sm5p-deleted
      in 1 resource instances, ci-ln-kflnbkt-72292-f9jll-worker-c-dxfjg-deleted in
      1 resource instances'
    reason: SomeFinalizersRemain
    status: "True"
    type: NamespaceFinalizersRemaining
  phase: Terminating

SelinuxProfiles

$ kubectl get selinuxprofiles -n go-xdp-counter bpfman-secure -o yaml
apiVersion: security-profiles-operator.x-k8s.io/v1alpha2
kind: SelinuxProfile
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"security-profiles-operator.x-k8s.io/v1alpha2","kind":"SelinuxProfile","metadata":{"annotations":{},"name":"bpfman-secure","namespace":"go-xdp-counter"},"spec":{"allow":{"@self":{"bpf":["map_read","map_write"]},"spc_t":{"bpf":["map_read","map_write"]}},"inherit":[{"kind":"System","name":"container"}]}}
  creationTimestamp: "2025-01-23T16:31:32Z"
  deletionGracePeriodSeconds: 0
  deletionTimestamp: "2025-01-23T16:37:36Z"
  finalizers:
  - ci-ln-kflnbkt-72292-f9jll-worker-a-sttsj-deleted
  - ci-ln-kflnbkt-72292-f9jll-worker-c-dxfjg-deleted
  - ci-ln-kflnbkt-72292-f9jll-master-0-deleted
  - ci-ln-kflnbkt-72292-f9jll-worker-b-9sm5p-deleted
  - ci-ln-kflnbkt-72292-f9jll-master-2-deleted
  - ci-ln-kflnbkt-72292-f9jll-master-1-deleted
  generation: 2
  labels:
    spo.x-k8s.io/profile-id: SelinuxProfile-bpfman-secure
  name: bpfman-secure
  namespace: go-xdp-counter
  resourceVersion: "54401"
  uid: b2b1d459-e614-43ee-b8df-ded88b5b9513
spec:
  allow:
    '@self':
      bpf:
      - map_read
      - map_write
    spc_t:
      bpf:
      - map_read
      - map_write
  disabled: false
  inherit:
  - kind: System
    name: container
  permissive: false
status:
  conditions:
  - lastTransitionTime: "2025-01-23T16:37:36Z"
    reason: Deleting
    status: "False"
    type: Ready
  status: Terminating
  usage: bpfman-secure_go-xdp-counter.process

The profile is being deleted off the Node:

Before Delete Call:

$ kubectl exec -it  -n openshift-security-profiles -c selinuxd spod-qgvcv -- sh
sh-5.1# ls /etc/selinux.d/
bpfman-secure_go-xdp-counter.cil
sh-5.1# 
sh-5.1# cat /etc/selinux.d/bpfman-secure_go-xdp-counter.cil 
(block bpfman-secure_go-xdp-counter
(blockinherit container)
(allow process bpfman-secure_go-xdp-counter.process ( bpf ( map_read map_write )))
(allow process spc_t ( bpf ( map_read map_write )))
)
sh-5.1# 

After Delete Call while command is hung:

$ kubectl exec -it  -n openshift-security-profiles -c selinuxd spod-qgvcv -- sh
sh-5.1# ls /etc/selinux.d/
sh-5.1# 

Following the logs, it appears that the getPolicyStatus() call in reconcileDeletePolicy() (https://github.com/kubernetes-sigs/security-profiles-operator/blob/main/internal/pkg/daemon/selinuxprofile/common_controller.go#L360) is always returning polStatus.Status == installedStatus so the reconcile returns requeue and the nodeStatus.Remove() is never being called (https://github.com/kubernetes-sigs/security-profiles-operator/blob/main/internal/pkg/daemon/selinuxprofile/common_controller.go#L223). But I don't know enough about the code to debug the getPolicyStatus() call.
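
A triage sketch for the symptom described above, added here as an example and not code from the security-profiles-operator project: it correlates selinuxd's successful `remove` operations with the controller's "Policy still installed, requeue" lines and reports profiles that are still being requeued after the node-side removal finished. Assumptions: klog timestamps are UTC and the caller supplies the year; the function and type names are hypothetical, and the two controller lines after 15:23:09 are constructed sample input.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
	"time"
)

// selinuxd lines copied from the issue (JSON, "ts" in epoch seconds).
const selinuxdLog = `{"level":"info","ts":1737472975.537969,"logger":"file-watcher","caller":"daemon/daemon.go:91","msg":"Removing policy","file":"/etc/selinux.d/bpfman-secure_go-xdp-counter.cil"}
{"level":"info","ts":1737472989.1544476,"logger":"policy-installer","caller":"daemon/daemon.go:131","msg":"The operation was successful","operation":"remove - /etc/selinux.d/bpfman-secure_go-xdp-counter.cil"}`

// klog-format controller lines: the first two are from the issue, the last
// two are CONSTRUCTED stand-ins for the part of the log the reporter trimmed.
const controllerLog = `I0121 15:23:00.727305       1 common_controller.go:373] "Policy still installed, requeue" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"
I0121 15:23:05.848386       1 common_controller.go:162] "Reconciling object in selinuxprofile" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"
I0121 15:23:26.100000       1 common_controller.go:373] "Policy still installed, requeue" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"
I0121 15:24:07.200000       1 common_controller.go:373] "Policy still installed, requeue" logger="selinuxprofile" Request.Namespace="go-xdp-counter" Request.Name="bpfman-secure"`

// Finding is one profile the controller kept requeueing after node-side removal.
type Finding struct {
	Profile    string // namespace/name
	RemovedAt  time.Time
	StaleCount int // "still installed" lines logged after RemovedAt
	LastSeen   time.Time
}

var (
	requeueRe = regexp.MustCompile(`^[IWEF](\d{4}) (\d{2}:\d{2}:\d{2}\.\d{6})\s+\d+ \S+\] "Policy still installed, requeue"`)
	nsRe      = regexp.MustCompile(`Request\.Namespace="([^"]*)"`)
	nameRe    = regexp.MustCompile(`Request\.Name="([^"]*)"`)
)

// removedPolicies maps policy file path to the time selinuxd last reported a
// successful remove; a later successful install of the same file clears it.
func removedPolicies(log string) map[string]time.Time {
	removed := map[string]time.Time{}
	sc := bufio.NewScanner(strings.NewReader(log))
	for sc.Scan() {
		var e struct {
			TS        float64 `json:"ts"`
			Msg       string  `json:"msg"`
			Operation string  `json:"operation"`
		}
		if json.Unmarshal(sc.Bytes(), &e) != nil || e.Msg != "The operation was successful" {
			continue
		}
		op, path, ok := strings.Cut(e.Operation, " - ")
		switch {
		case ok && op == "remove":
			removed[path] = time.UnixMicro(int64(e.TS * 1e6)).UTC()
		case ok && op == "install":
			delete(removed, path)
		}
	}
	return removed
}

// staleRequeues returns, per profile, the "still installed" requeues that the
// controller logged after selinuxd had already removed that profile's policy.
func staleRequeues(log string, year int, removed map[string]time.Time) []Finding {
	var out []Finding
	idx := map[string]int{}
	sc := bufio.NewScanner(strings.NewReader(log))
	for sc.Scan() {
		line := sc.Text()
		m, ns, name := requeueRe.FindStringSubmatch(line), nsRe.FindStringSubmatch(line), nameRe.FindStringSubmatch(line)
		if m == nil || ns == nil || name == nil {
			continue
		}
		ts, err := time.Parse("2006 0102 15:04:05.000000", fmt.Sprintf("%d %s %s", year, m[1], m[2]))
		// Policy file naming <name>_<namespace>.cil as seen in the issue's logs.
		removedAt, ok := removed[fmt.Sprintf("/etc/selinux.d/%s_%s.cil", name[1], ns[1])]
		if err != nil || !ok || !ts.After(removedAt) {
			continue // removal not finished yet, so this requeue is expected
		}
		key := ns[1] + "/" + name[1]
		i, seen := idx[key]
		if !seen {
			i = len(out)
			idx[key] = i
			out = append(out, Finding{Profile: key, RemovedAt: removedAt})
		}
		out[i].StaleCount++
		out[i].LastSeen = ts
	}
	return out
}

func main() {
	for _, f := range staleRequeues(controllerLog, 2025, removedPolicies(selinuxdLog)) {
		fmt.Printf("%s: removed on node at %s, %d stale requeues, last at %s\n",
			f.Profile, f.RemovedAt.Format(time.RFC3339), f.StaleCount, f.LastSeen.Format(time.RFC3339))
	}
}
```

A non-empty result means selinuxd finished removing the policy while the controller's status check kept reporting it as installed, which is the condition the reporter describes for the per-node finalizer never being removed.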
