From 92dda854e605420f3e84fae4997090c5a07aba57 Mon Sep 17 00:00:00 2001 From: aabughosh Date: Wed, 3 Dec 2025 15:46:44 +0200 Subject: [PATCH 1/2] add a relevant svc to the crio port --- .../0000_80_machine-config_00_service.yaml | 22 ++++++++++++++++++- .../_base/files/criometricsproxy.yaml | 2 ++ .../_base/files/criometricsproxy.yaml | 2 ++ .../_base/files/criometricsproxy.yaml | 2 ++ 4 files changed, 27 insertions(+), 1 deletion(-) diff --git a/install/0000_80_machine-config_00_service.yaml b/install/0000_80_machine-config_00_service.yaml index 7eeb0ab416..68e5009562 100644 --- a/install/0000_80_machine-config_00_service.yaml +++ b/install/0000_80_machine-config_00_service.yaml @@ -88,4 +88,24 @@ spec: port: 22624 targetPort: 22624 protocol: TCP - +--- +apiVersion: v1 +kind: Service +metadata: + name: kube-rbac-proxy-crio + namespace: openshift-machine-config-operator + labels: + k8s-app: kube-rbac-proxy-crio + annotations: + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" +spec: + type: ClusterIP + selector: + k8s-app: kube-rbac-proxy-crio + ports: + - name: metrics + port: 9637 + targetPort: 9637 + protocol: TCP diff --git a/templates/arbiter/01-arbiter-kubelet/_base/files/criometricsproxy.yaml b/templates/arbiter/01-arbiter-kubelet/_base/files/criometricsproxy.yaml index bcdf704c09..8f8cae587d 100644 --- a/templates/arbiter/01-arbiter-kubelet/_base/files/criometricsproxy.yaml +++ b/templates/arbiter/01-arbiter-kubelet/_base/files/criometricsproxy.yaml @@ -7,6 +7,8 @@ contents: metadata: name: kube-rbac-proxy-crio namespace: openshift-machine-config-operator + labels: + k8s-app: kube-rbac-proxy-crio annotations: target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' openshift.io/required-scc: privileged diff --git a/templates/master/01-master-kubelet/_base/files/criometricsproxy.yaml b/templates/master/01-master-kubelet/_base/files/criometricsproxy.yaml index bcdf704c09..8f8cae587d 100644 --- a/templates/master/01-master-kubelet/_base/files/criometricsproxy.yaml +++ b/templates/master/01-master-kubelet/_base/files/criometricsproxy.yaml @@ -7,6 +7,8 @@ contents: metadata: name: kube-rbac-proxy-crio namespace: openshift-machine-config-operator + labels: + k8s-app: kube-rbac-proxy-crio annotations: target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' openshift.io/required-scc: privileged diff --git a/templates/worker/01-worker-kubelet/_base/files/criometricsproxy.yaml b/templates/worker/01-worker-kubelet/_base/files/criometricsproxy.yaml index bcdf704c09..8f8cae587d 100644 --- a/templates/worker/01-worker-kubelet/_base/files/criometricsproxy.yaml +++ b/templates/worker/01-worker-kubelet/_base/files/criometricsproxy.yaml @@ -7,6 +7,8 @@ contents: metadata: name: kube-rbac-proxy-crio namespace: openshift-machine-config-operator + labels: + k8s-app: kube-rbac-proxy-crio annotations: target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' openshift.io/required-scc: privileged From d41f4bb5ecb968c76a49f9aec3c8093abbfd38a6 Mon Sep 17 00:00:00 2001 From: aabughosh Date: Tue, 9 Dec 2025 11:44:00 +0200 Subject: [PATCH 2/2] add missing ports in contaiterport on the daemoset --- manifests/machineconfigserver/daemonset.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/machineconfigserver/daemonset.yaml b/manifests/machineconfigserver/daemonset.yaml index 6384f1b70b..2a8809f98f 100644 --- a/manifests/machineconfigserver/daemonset.yaml +++ b/manifests/machineconfigserver/daemonset.yaml @@ -27,6 +27,13 @@ spec: - "--tls-cipher-suites={{join .TLSCipherSuites ","}}" - "--tls-min-version={{.TLSMinVersion}}" - "--v={{.LogLevel}}" + ports: + - containerPort: 22623 + name: https + protocol: TCP + - containerPort: 22624 + name: http + protocol: TCP resources: requests: cpu: 20m