{"level":"info","ts":"2026-04-28T19:10:46Z","logger":"DeploymentValidation","msg":"Operator Version: 0.0.1"}
{"level":"info","ts":"2026-04-28T19:10:46Z","logger":"DeploymentValidation","msg":"Go Version: go1.25.8 (Red Hat 1.25.8-1.module+el8.10.0+24168+9fd3a552) X:strictfipsruntime"}
{"level":"info","ts":"2026-04-28T19:10:46Z","logger":"DeploymentValidation","msg":"Go OS/Arch: linux/amd64"}
{"level":"info","ts":"2026-04-28T19:10:46Z","logger":"DeploymentValidation","msg":"Setting Up Manager"}
{"level":"debug","ts":"2026-04-28T19:10:46Z","logger":"DeploymentValidation","msg":"Load KubeConfig"}
{"level":"debug","ts":"2026-04-28T19:10:46Z","logger":"DeploymentValidation","msg":"Initialize Manager"}
{"level":"debug","ts":"2026-04-28T19:10:46Z","logger":"DeploymentValidation","msg":"Initialize Scheme"}
{"level":"debug","ts":"2026-04-28T19:10:46Z","logger":"DeploymentValidation","msg":"Getting Manager Options"}
{"level":"debug","ts":"2026-04-28T19:10:46Z","logger":"DeploymentValidation","msg":"Adding Healthz and Readyz checks"}
{"level":"debug","ts":"2026-04-28T19:10:46Z","logger":"DeploymentValidation","msg":"Registering Components"}
{"level":"debug","ts":"2026-04-28T19:10:46Z","logger":"DeploymentValidation","msg":"Initialize Prometheus Registry"}
{"level":"debug","ts":"2026-04-28T19:10:46Z","logger":"DeploymentValidation","msg":"Initialize Prometheus metrics endpoint","endpoint":"http://0.0.0.0:8383/metrics"}
{"level":"debug","ts":"2026-04-28T19:10:46Z","logger":"DeploymentValidation","msg":"Initialize ConfigMap watcher"}
{"level":"debug","ts":"2026-04-28T19:10:46Z","logger":"DeploymentValidation","msg":"Initialize Validation Engine"}
{"level":"debug","ts":"2026-04-28T19:10:46Z","logger":"DeploymentValidation","msg":"Initialize Reconciler"}
{"level":"info","ts":"2026-04-28T19:10:46Z","logger":"DeploymentValidation","msg":"Starting Manager"}
{"level":"info","ts":"2026-04-28T19:10:46Z","msg":"starting server","name":"health probe","addr":"[::]:8081"}
{"level":"info","ts":"2026-04-28T19:10:46Z","logger":"ConfigMapWatcher","msg":"a ConfigMap has been created under watched namespace","name":"deployment-validation-operator-config","namespace":"openshift-deployment-validation-operator"}
{"level":"debug","ts":"2026-04-28T19:10:46Z","logger":"GenericReconciler","msg":"Current set of enabled checks","checks":"dangling-horizontalpodautoscaler, dangling-ingress, dangling-networkpolicy, dangling-networkpolicypeer-podselector, dangling-service, dangling-servicemonitor, dnsconfig-options, duplicate-env-var, env-value-from, host-ipc, host-network, host-pid, hpa-minimum-three-replicas, invalid-target-ports, job-ttl-seconds-after-finished, liveness-port, minimum-three-replicas, no-anti-affinity, no-node-affinity, non-existent-service-account, non-isolated-pod, pdb-max-unavailable, pdb-min-available, pdb-unhealthy-pod-eviction-policy, priority-class-name, privilege-escalation-container, privileged-container, readiness-port, restart-policy, run-as-non-root, scc-deny-privileged-container, schema-validation, sorted-keys, startup-port, unsafe-sysctls, unset-cpu-requirements, unset-memory-requirements"}
{"level":"info","ts":"2026-04-28T19:10:46Z","logger":"GenericReconciler","msg":"The ConfigMap has been updated"}
{"level":"debug","ts":"2026-04-28T19:10:46Z","logger":"GenericReconciler","msg":"apiResource","no":1,"Group":"","Version":"v1","Kind":"Pod"}
{"level":"debug","ts":"2026-04-28T19:10:46Z","logger":"GenericReconciler","msg":"apiResource","no":2,"Group":"apps","Version":"v1","Kind":"DaemonSet"}
{"level":"debug","ts":"2026-04-28T19:10:46Z","logger":"GenericReconciler","msg":"apiResource","no":3,"Group":"policy","Version":"v1","Kind":"PodDisruptionBudget"}
{"level":"debug","ts":"2026-04-28T19:10:46Z","logger":"GenericReconciler","msg":"apiResource","no":4,"Group":"rbac.authorization.k8s.io","Version":"v1","Kind":"ClusterRoleBinding"}
{"level":"debug","ts":"2026-04-28T19:10:46Z","logger":"GenericReconciler","msg":"apiResource","no":5,"Group":"rbac.authorization.k8s.io","Version":"v1","Kind":"RoleBinding"}
{"level":"debug","ts":"2026-04-28T19:10:46Z","logger":"GenericReconciler","msg":"apiResource","no":6,"Group":"apps","Version":"v1","Kind":"StatefulSet"}
{"level":"debug","ts":"2026-04-28T19:10:46Z","logger":"GenericReconciler","msg":"apiResource","no":7,"Group":"","Version":"v1","Kind":"ReplicationController"}
{"level":"debug","ts":"2026-04-28T19:10:46Z","logger":"GenericReconciler","msg":"apiResource","no":8,"Group":"","Version":"v1","Kind":"Service"}
{"level":"debug","ts":"2026-04-28T19:10:46Z","logger":"GenericReconciler","msg":"apiResource","no":9,"Group":"apps","Version":"v1","Kind":"ReplicaSet"}
{"level":"debug","ts":"2026-04-28T19:10:46Z","logger":"GenericReconciler","msg":"apiResource","no":10,"Group":"rbac.authorization.k8s.io","Version":"v1","Kind":"ClusterRole"}
{"level":"debug","ts":"2026-04-28T19:10:46Z","logger":"GenericReconciler","msg":"apiResource","no":11,"Group":"","Version":"v1","Kind":"PersistentVolumeClaim"}
{"level":"debug","ts":"2026-04-28T19:10:46Z","logger":"GenericReconciler","msg":"apiResource","no":12,"Group":"autoscaling","Version":"v1","Kind":"HorizontalPodAutoscaler"}
{"level":"debug","ts":"2026-04-28T19:10:46Z","logger":"GenericReconciler","msg":"apiResource","no":13,"Group":"batch","Version":"v1","Kind":"Job"}
{"level":"debug","ts":"2026-04-28T19:10:46Z","logger":"GenericReconciler","msg":"apiResource","no":14,"Group":"rbac.authorization.k8s.io","Version":"v1","Kind":"Role"}
{"level":"debug","ts":"2026-04-28T19:10:46Z","logger":"GenericReconciler","msg":"apiResource","no":15,"Group":"apps.openshift.io","Version":"v1","Kind":"DeploymentConfig"}
{"level":"debug","ts":"2026-04-28T19:10:46Z","logger":"GenericReconciler","msg":"apiResource","no":16,"Group":"","Version":"v1","Kind":"ServiceAccount"}
{"level":"debug","ts":"2026-04-28T19:10:46Z","logger":"GenericReconciler","msg":"apiResource","no":17,"Group":"batch","Version":"v1","Kind":"CronJob"}
{"level":"debug","ts":"2026-04-28T19:10:46Z","logger":"GenericReconciler","msg":"apiResource","no":18,"Group":"networking.k8s.io","Version":"v1","Kind":"Ingress"}
{"level":"debug","ts":"2026-04-28T19:10:46Z","logger":"GenericReconciler","msg":"apiResource","no":19,"Group":"networking.k8s.io","Version":"v1","Kind":"NetworkPolicy"}
{"level":"debug","ts":"2026-04-28T19:10:46Z","logger":"GenericReconciler","msg":"apiResource","no":20,"Group":"apps","Version":"v1","Kind":"Deployment"}
{"level":"info","ts":"2026-04-28T19:10:46Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-04-28T19:10:46Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"open-cluster-management-2pvb4vdgf4p3csrl5l4cl4buk5fbbge2","items":2,"labels":"open-cluster-management.io/created-by-klusterlet=klusterlet-2pvb4vdgf4p3csrl5l4cl4buk5fbbge2"}
{"level":"info","ts":"2026-04-28T19:10:46Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"info","ts":"2026-04-28T19:12:46Z","logger":"GenericReconciler","msg":"Reconciliation loop has started"}
{"level":"debug","ts":"2026-04-28T19:12:46Z","logger":"GenericReconciler","msg":"apiResource","no":1,"Group":"","Version":"v1","Kind":"Pod"}
{"level":"debug","ts":"2026-04-28T19:12:46Z","logger":"GenericReconciler","msg":"apiResource","no":2,"Group":"apps","Version":"v1","Kind":"DaemonSet"}
{"level":"debug","ts":"2026-04-28T19:12:46Z","logger":"GenericReconciler","msg":"apiResource","no":3,"Group":"policy","Version":"v1","Kind":"PodDisruptionBudget"}
{"level":"debug","ts":"2026-04-28T19:12:46Z","logger":"GenericReconciler","msg":"apiResource","no":4,"Group":"rbac.authorization.k8s.io","Version":"v1","Kind":"ClusterRoleBinding"}
{"level":"debug","ts":"2026-04-28T19:12:46Z","logger":"GenericReconciler","msg":"apiResource","no":5,"Group":"rbac.authorization.k8s.io","Version":"v1","Kind":"RoleBinding"}
{"level":"debug","ts":"2026-04-28T19:12:46Z","logger":"GenericReconciler","msg":"apiResource","no":6,"Group":"apps","Version":"v1","Kind":"StatefulSet"}
{"level":"debug","ts":"2026-04-28T19:12:46Z","logger":"GenericReconciler","msg":"apiResource","no":7,"Group":"","Version":"v1","Kind":"ReplicationController"}
{"level":"debug","ts":"2026-04-28T19:12:46Z","logger":"GenericReconciler","msg":"apiResource","no":8,"Group":"","Version":"v1","Kind":"Service"}
{"level":"debug","ts":"2026-04-28T19:12:46Z","logger":"GenericReconciler","msg":"apiResource","no":9,"Group":"apps","Version":"v1","Kind":"ReplicaSet"}
{"level":"debug","ts":"2026-04-28T19:12:46Z","logger":"GenericReconciler","msg":"apiResource","no":10,"Group":"rbac.authorization.k8s.io","Version":"v1","Kind":"ClusterRole"}
{"level":"debug","ts":"2026-04-28T19:12:46Z","logger":"GenericReconciler","msg":"apiResource","no":11,"Group":"","Version":"v1","Kind":"PersistentVolumeClaim"}
{"level":"debug","ts":"2026-04-28T19:12:46Z","logger":"GenericReconciler","msg":"apiResource","no":12,"Group":"autoscaling","Version":"v1","Kind":"HorizontalPodAutoscaler"}
{"level":"debug","ts":"2026-04-28T19:12:46Z","logger":"GenericReconciler","msg":"apiResource","no":13,"Group":"batch","Version":"v1","Kind":"Job"}
{"level":"debug","ts":"2026-04-28T19:12:46Z","logger":"GenericReconciler","msg":"apiResource","no":14,"Group":"rbac.authorization.k8s.io","Version":"v1","Kind":"Role"}
{"level":"debug","ts":"2026-04-28T19:12:46Z","logger":"GenericReconciler","msg":"apiResource","no":15,"Group":"apps.openshift.io","Version":"v1","Kind":"DeploymentConfig"}
{"level":"debug","ts":"2026-04-28T19:12:46Z","logger":"GenericReconciler","msg":"apiResource","no":16,"Group":"","Version":"v1","Kind":"ServiceAccount"}
{"level":"debug","ts":"2026-04-28T19:12:46Z","logger":"GenericReconciler","msg":"apiResource","no":17,"Group":"batch","Version":"v1","Kind":"CronJob"}
{"level":"debug","ts":"2026-04-28T19:12:46Z","logger":"GenericReconciler","msg":"apiResource","no":18,"Group":"networking.k8s.io","Version":"v1","Kind":"Ingress"}
{"level":"debug","ts":"2026-04-28T19:12:46Z","logger":"GenericReconciler","msg":"apiResource","no":19,"Group":"networking.k8s.io","Version":"v1","Kind":"NetworkPolicy"}
{"level":"debug","ts":"2026-04-28T19:12:46Z","logger":"GenericReconciler","msg":"apiResource","no":20,"Group":"apps","Version":"v1","Kind":"Deployment"}
{"level":"info","ts":"2026-04-28T19:12:46Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-04-28T19:12:46Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"rhbk-operator","items":2,"labels":"olm.managed=true"}
{"level":"debug","ts":"2026-04-28T19:12:46Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"rhbk-operator","items":1,"labels":"olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=rhbk-operator,olm.owner=rhbk-operator.v26.4.11-opr.1,olm.permissions.hash=4Z6mzHw3Gux72vIWxroUVRIpSW5IOUFnONBDgt,operators.coreos.com/rhbk-operator.rhbk-operator="}
{"level":"debug","ts":"2026-04-28T19:12:46Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"rhbk-operator","items":4,"labels":"name=rhbk-operator,pod-template-hash=759b8bf9b5"}
{"level":"debug","ts":"2026-04-28T19:12:46Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"rhbk-operator","object":"rhbk-operator","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-04-28T19:12:46Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"rhbk-operator","object":"rhbk-operator","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-04-28T19:12:46Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"rhbk-operator","object":"rhbk-operator","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-04-28T19:12:46Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"rhbk-operator","object":"rhbk-operator","kind":"Deployment","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"rhbk-operator\" not found"}
{"level":"debug","ts":"2026-04-28T19:12:46Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"rhbk-operator","object":"rhbk-operator","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-04-28T19:12:46Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"rhbk-operator","object":"rhbk-operator","kind":"Deployment","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"rhbk-operator\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-04-28T19:12:46Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"rhbk-operator","items":1,"labels":"olm.managed=true,operators.coreos.com/rhbk-operator.rhbk-operator="}
{"level":"debug","ts":"2026-04-28T19:12:46Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"rhbk-operator","items":1,"labels":"olm.deployment-spec-hash=cOdK84vKgnaRLenln58KtpXCI40xI5jsgYOhU0,olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=rhbk-operator,olm.owner=rhbk-operator.v26.4.11-opr.1,operators.coreos.com/rhbk-operator.rhbk-operator="}
{"level":"debug","ts":"2026-04-28T19:12:46Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"rhbk-operator"}
{"level":"debug","ts":"2026-04-28T19:12:46Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"rhbk-operator","items":1,"labels":"olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=rhbk-operator,olm.owner=rhbk-operator.v26.4.11-opr.1,olm.permissions.hash=4O0tiObYrrFrlUWdzQmHj2sVWezFneLyYDCeOp,operators.coreos.com/rhbk-operator.rhbk-operator="}
{"level":"info","ts":"2026-04-28T19:12:46Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-04-28T19:12:46Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-keycloak","items":1,"labels":"olm.copiedFrom=rhbk-operator,olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=tssc-keycloak,olm.owner=rhbk-operator.v26.4.11-opr.1,olm.permissions.hash=4O0tiObYrrFrlUWdzQmHj2sVWezFneLyYDCeOp"}
{"level":"debug","ts":"2026-04-28T19:12:46Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-keycloak","items":1,"labels":"olm.copiedFrom=rhbk-operator,olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=tssc-keycloak,olm.owner=rhbk-operator.v26.4.11-opr.1,olm.permissions.hash=4Z6mzHw3Gux72vIWxroUVRIpSW5IOUFnONBDgt,operators.coreos.com/rhbk-operator.rhbk-operator="}
{"level":"info","ts":"2026-04-28T19:12:46Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"info","ts":"2026-04-28T19:12:46Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"info","ts":"2026-04-28T19:12:46Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"info","ts":"2026-04-28T19:12:47Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"info","ts":"2026-04-28T19:12:47Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-04-28T19:12:47Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"trusted-artifact-signer","items":5,"labels":"app.kubernetes.io/component=client-server,app.kubernetes.io/part-of=trusted-artifact-signer,pod-template-hash=f6d595f96"}
{"level":"debug","ts":"2026-04-28T19:12:47Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-04-28T19:12:47Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-04-28T19:12:47Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-04-28T19:12:47Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-04-28T19:12:47Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"cli-server\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-04-28T19:12:47Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"cli-server\" has cpu request 0"}
{"level":"debug","ts":"2026-04-28T19:12:47Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"cli-server\" has memory limit 0"}
{"level":"debug","ts":"2026-04-28T19:12:47Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"trusted-artifact-signer","items":5,"labels":"app.kubernetes.io/component=client-server,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-04-28T19:12:47Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-04-28T19:12:47Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-04-28T19:12:47Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-04-28T19:12:47Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-04-28T19:12:47Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"cli-server\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-04-28T19:12:47Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"cli-server\" has cpu request 0"}
{"level":"debug","ts":"2026-04-28T19:12:47Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"cli-server\" has memory limit 0"}
{"level":"debug","ts":"2026-04-28T19:12:47Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-04-28T19:12:47Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-04-28T19:12:47Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-04-28T19:12:47Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-04-28T19:12:47Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"cli-server\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-04-28T19:12:47Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"cli-server\" has cpu request 0"}
{"level":"debug","ts":"2026-04-28T19:12:47Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"cli-server\" has memory limit 0"}
{"level":"info","ts":"2026-04-28T19:12:47Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-04-28T19:12:47Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-tpa","items":5,"labels":"control-plane=controller-manager,pod-template-hash=556f86dcbc"}
{"level":"debug","ts":"2026-04-28T19:12:47Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-tpa","object":"rhtpa-operator-controller-manager","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-04-28T19:12:47Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-tpa","object":"rhtpa-operator-controller-manager","kind":"Deployment","validation":"liveness-port","check_description":"Indicates when containers have a liveness probe to a not exposed port.","check_remediation":"Check which ports you've exposed and ensure they match what you have specified in the liveness probe.","check_failure_reason":"container \"manager\" does not expose port 8081 for the HTTPGet"}
{"level":"debug","ts":"2026-04-28T19:12:47Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-tpa","object":"rhtpa-operator-controller-manager","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-04-28T19:12:47Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-tpa","object":"rhtpa-operator-controller-manager","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-04-28T19:12:47Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-tpa","object":"rhtpa-operator-controller-manager","kind":"Deployment","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"rhtpa-operator-controller-manager\" not found"}
{"level":"debug","ts":"2026-04-28T19:12:47Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-tpa","object":"rhtpa-operator-controller-manager","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-04-28T19:12:47Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-tpa","object":"rhtpa-operator-controller-manager","kind":"Deployment","validation":"readiness-port","check_description":"Indicates when containers have a readiness probe to a not exposed port.","check_remediation":"Check which ports you've exposed and ensure they match what you have specified in the readiness probe.","check_failure_reason":"container \"manager\" does not expose port 8081 for the HTTPGet"}
{"level":"debug","ts":"2026-04-28T19:12:47Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-tpa","items":3,"labels":"app.kubernetes.io/managed-by=kustomize,app.kubernetes.io/name=rhtpa-operator,control-plane=controller-manager,olm.managed=true,operators.coreos.com/rhtpa-operator.tssc-tpa="}
{"level":"debug","ts":"2026-04-28T19:12:47Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tssc-tpa"}
{"level":"debug","ts":"2026-04-28T19:12:47Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-tpa","items":1,"labels":"olm.managed=true,operators.coreos.com/rhtpa-operator.tssc-tpa="}
{"level":"debug","ts":"2026-04-28T19:12:47Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-tpa","items":2,"labels":"app.kubernetes.io/managed-by=kustomize,app.kubernetes.io/name=rhtpa-operator,control-plane=controller-manager,olm.deployment-spec-hash=9VPLxFzzZEFCihbIorY1e17RuqWiY7CXeXLOOk,olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=tssc-tpa,olm.owner=rhtpa-operator.v1.1.4,operators.coreos.com/rhtpa-operator.tssc-tpa="}
{"level":"debug","ts":"2026-04-28T19:12:47Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tssc-tpa"}
{"level":"debug","ts":"2026-04-28T19:12:47Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-tpa","items":4,"labels":"olm.managed=true"}
{"level":"debug","ts":"2026-04-28T19:12:47Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-tpa","items":1,"labels":"olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=tssc-tpa,olm.owner=rhtpa-operator.v1.1.4,olm.permissions.hash=89zmJTEa8x4dF5PYcd2jJAXBQdRMGCux5nsqKM,operators.coreos.com/rhtpa-operator.tssc-tpa="}
{"level":"debug","ts":"2026-04-28T19:12:47Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-tpa","items":1,"labels":"olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=tssc-tpa,olm.owner=rhtpa-operator.v1.1.4,olm.permissions.hash=ayWt7Ra7j6VaUOWVVnLRSjaZXaH1qykCBmO9pt,operators.coreos.com/rhtpa-operator.tssc-tpa="}
{"level":"info","ts":"2026-04-28T19:12:47Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
I0428 19:12:48.547148       1 request.go:752] "Waited before sending request" delay="1.022538742s" reason="client-side throttling, not priority and fairness" verb="GET" URL="https://172.30.0.1:443/apis/rbac.authorization.k8s.io/v1/namespaces/tssc-gitops/rolebindings?continue=eyJ2IjoibWV0YS5rOHMuaW8vdjEiLCJydiI6MjAyMTksInN0YXJ0IjoidHNzYy1naXRvcHNcdTAwMDAifQ&limit=5"
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":4,"labels":"app.kubernetes.io/name=tssc-gitops-application-controller,apps.kubernetes.io/pod-index=0,controller-revision-hash=tssc-gitops-application-controller-7b8d4dd45c,statefulset.kubernetes.io/pod-name=tssc-gitops-application-controller-0"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-application-controller","kind":"StatefulSet","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-application-controller","kind":"StatefulSet","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"argocd-application-controller\" is referring to an unknown config map \"argocd-cmd-params-cm\""}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-application-controller","kind":"StatefulSet","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"argocd-application-controller\" is referring to an unknown secret \"tssc-gitops-redis-initial-password\""}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-application-controller","kind":"StatefulSet","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-application-controller","kind":"StatefulSet","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-application-controller","kind":"StatefulSet","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"tssc-gitops-argocd-application-controller\" not found"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-application-controller","kind":"StatefulSet","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"argocd-application-controller\" has cpu request 0"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":5,"labels":"app.kubernetes.io/name=tssc-gitops-applicationset-controller,pod-template-hash=5df5944d4d"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-applicationset-controller","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-applicationset-controller","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-applicationset-controller","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-applicationset-controller","kind":"Deployment","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"tssc-gitops-applicationset-controller\" not found"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-applicationset-controller","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":6,"labels":"app.kubernetes.io/name=tssc-gitops-redis,pod-template-hash=9b74744d6"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-redis","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-redis","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"redis\" is referring to an unknown secret \"tssc-gitops-redis-initial-password\""}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-redis","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-redis","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-redis","kind":"Deployment","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"tssc-gitops-argocd-redis\" not found"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-redis-network-policy","kind":"NetworkPolicy","validation":"dangling-networkpolicypeer-podselector","check_description":"Indicates when NetworkPolicyPeer in Egress/Ingress rules -in the Spec of NetworkPolicy- do not have any associated deployments. Applied on peer specified with podSelectors only.","check_remediation":"Confirm that your NetworkPolicy's Ingress/Egress peer's podselector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching networkpolicy rule's podSelector labels (app.kubernetes.io/name=tssc-gitops-application-controller)"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-redis-network-policy","kind":"NetworkPolicy","validation":"dangling-networkpolicypeer-podselector","check_description":"Indicates when NetworkPolicyPeer in Egress/Ingress rules -in the Spec of NetworkPolicy- do not have any associated deployments. Applied on peer specified with podSelectors only.","check_remediation":"Confirm that your NetworkPolicy's Ingress/Egress peer's podselector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching networkpolicy rule's podSelector labels (app.kubernetes.io/name=tssc-gitops-repo-server)"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-redis-network-policy","kind":"NetworkPolicy","validation":"dangling-networkpolicypeer-podselector","check_description":"Indicates when NetworkPolicyPeer in Egress/Ingress rules -in the Spec of NetworkPolicy- do not have any associated deployments. Applied on peer specified with podSelectors only.","check_remediation":"Confirm that your NetworkPolicy's Ingress/Egress peer's podselector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching networkpolicy rule's podSelector labels (app.kubernetes.io/name=tssc-gitops-server)"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":6,"labels":"app.kubernetes.io/name=tssc-gitops-repo-server,pod-template-hash=59c4d978c4"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-repo-server","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-repo-server","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"argocd-repo-server\" is referring to an unknown secret \"tssc-gitops-redis-initial-password\""}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-repo-server","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-repo-server","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-repo-server-network-policy","kind":"NetworkPolicy","validation":"dangling-networkpolicypeer-podselector","check_description":"Indicates when NetworkPolicyPeer in Egress/Ingress rules -in the Spec of NetworkPolicy- do not have any associated deployments. Applied on peer specified with podSelectors only.","check_remediation":"Confirm that your NetworkPolicy's Ingress/Egress peer's podselector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching networkpolicy rule's podSelector labels (app.kubernetes.io/name=tssc-gitops-application-controller)"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-repo-server-network-policy","kind":"NetworkPolicy","validation":"dangling-networkpolicypeer-podselector","check_description":"Indicates when NetworkPolicyPeer in Egress/Ingress rules -in the Spec of NetworkPolicy- do not have any associated deployments. Applied on peer specified with podSelectors only.","check_remediation":"Confirm that your NetworkPolicy's Ingress/Egress peer's podselector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching networkpolicy rule's podSelector labels (app.kubernetes.io/name=tssc-gitops-server)"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-repo-server-network-policy","kind":"NetworkPolicy","validation":"dangling-networkpolicypeer-podselector","check_description":"Indicates when NetworkPolicyPeer in Egress/Ingress rules -in the Spec of NetworkPolicy- do not have any associated deployments. Applied on peer specified with podSelectors only.","check_remediation":"Confirm that your NetworkPolicy's Ingress/Egress peer's podselector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching networkpolicy rule's podSelector labels (app.kubernetes.io/name=tssc-gitops-notifications-controller)"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-repo-server-network-policy","kind":"NetworkPolicy","validation":"dangling-networkpolicypeer-podselector","check_description":"Indicates when NetworkPolicyPeer in Egress/Ingress rules -in the Spec of NetworkPolicy- do not have any associated deployments. Applied on peer specified with podSelectors only.","check_remediation":"Confirm that your NetworkPolicy's Ingress/Egress peer's podselector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching networkpolicy rule's podSelector labels (app.kubernetes.io/name=argocd-applicationset-controller)"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-repo-server-network-policy","kind":"NetworkPolicy","validation":"dangling-networkpolicypeer-podselector","check_description":"Indicates when NetworkPolicyPeer in Egress/Ingress rules -in the Spec of NetworkPolicy- do not have any associated deployments. Applied on peer specified with podSelectors only.","check_remediation":"Confirm that your NetworkPolicy's Ingress/Egress peer's podselector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching networkpolicy rule's podSelector labels (app.kubernetes.io/name=tssc-gitops-applicationset-controller)"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":5,"labels":"app.kubernetes.io/component=repo-server,app.kubernetes.io/managed-by=tssc-gitops,app.kubernetes.io/name=tssc-gitops-repo-server,app.kubernetes.io/part-of=argocd"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tssc-gitops"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":2,"labels":"app.kubernetes.io/managed-by=tssc-gitops,app.kubernetes.io/name=argocd-application-controller,app.kubernetes.io/part-of=argocd"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":2,"labels":"app.kubernetes.io/managed-by=tssc-gitops,app.kubernetes.io/name=argocd-server,app.kubernetes.io/part-of=argocd"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":3,"labels":"app.kubernetes.io/component=application-controller,app.kubernetes.io/managed-by=tssc-gitops,app.kubernetes.io/name=tssc-gitops-application-controller,app.kubernetes.io/part-of=argocd"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tssc-gitops"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":6,"labels":"app.kubernetes.io/name=tssc-gitops-dex-server,dex.config.changed=04282026-191226-UTC,pod-template-hash=79d75fdc5c"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-dex-server","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-dex-server","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-dex-server","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-dex-server","kind":"Deployment","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"tssc-gitops-argocd-dex-server\" not found"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-dex-server-network-policy","kind":"NetworkPolicy","validation":"dangling-networkpolicypeer-podselector","check_description":"Indicates when NetworkPolicyPeer in Egress/Ingress rules -in the Spec of NetworkPolicy- do not have any associated deployments. Applied on peer specified with podSelectors only.","check_remediation":"Confirm that your NetworkPolicy's Ingress/Egress peer's podselector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching networkpolicy rule's podSelector labels (app.kubernetes.io/name=tssc-gitops-server)"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":7,"labels":"app.kubernetes.io/name=tssc-gitops-server,pod-template-hash=66784844c4"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-server","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-server","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"argocd-server\" is referring to an unknown secret \"tssc-gitops-redis-initial-password\""}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-server","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-server","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-server","kind":"Deployment","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"tssc-gitops-argocd-server\" not found"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":1,"labels":"app.kubernetes.io/component=metrics,app.kubernetes.io/managed-by=tssc-gitops,app.kubernetes.io/name=tssc-gitops-metrics,app.kubernetes.io/part-of=argocd"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tssc-gitops"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":5,"labels":"app.kubernetes.io/component=redis,app.kubernetes.io/managed-by=tssc-gitops,app.kubernetes.io/name=tssc-gitops-redis,app.kubernetes.io/part-of=argocd"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tssc-gitops"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":2,"labels":"app.kubernetes.io/managed-by=tssc-gitops,app.kubernetes.io/name=argocd-dex-server,app.kubernetes.io/part-of=argocd"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":2,"labels":"app.kubernetes.io/managed-by=tssc-gitops,app.kubernetes.io/name=argocd-redis,app.kubernetes.io/part-of=argocd"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":2,"labels":"app.kubernetes.io/managed-by=tssc-gitops,app.kubernetes.io/name=argocd-redis-ha,app.kubernetes.io/part-of=argocd"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":10,"labels":"app.kubernetes.io/managed-by=tssc-gitops,app.kubernetes.io/name=tssc-gitops,app.kubernetes.io/part-of=argocd"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-application-controller-network-policy","kind":"NetworkPolicy","validation":"dangling-networkpolicy","check_description":"Indicates when networkpolicies do not have any associated deployments.","check_remediation":"Confirm that your networkPolicy's podselector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching networkpolicy's podSelector labels ({map[app.kubernetes.io/name:tssc-gitops-application-controller] []}) "}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-applicationset-controller-network-policy","kind":"NetworkPolicy","validation":"dangling-networkpolicy","check_description":"Indicates when networkpolicies do not have any associated deployments.","check_remediation":"Confirm that your networkPolicy's podselector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching networkpolicy's podSelector labels ({map[app.kubernetes.io/name:argocd-applicationset-controller] []}) "}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-dex-server-network-policy","kind":"NetworkPolicy","validation":"dangling-networkpolicy","check_description":"Indicates when networkpolicies do not have any associated deployments.","check_remediation":"Confirm that your networkPolicy's podselector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching networkpolicy's podSelector labels ({map[app.kubernetes.io/name:tssc-gitops-dex-server] []}) "}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-dex-server-network-policy","kind":"NetworkPolicy","validation":"dangling-networkpolicypeer-podselector","check_description":"Indicates when NetworkPolicyPeer in Egress/Ingress rules -in the Spec of NetworkPolicy- do not have any associated deployments. Applied on peer specified with podSelectors only.","check_remediation":"Confirm that your NetworkPolicy's Ingress/Egress peer's podselector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching networkpolicy rule's podSelector labels (app.kubernetes.io/name=tssc-gitops-server)"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-repo-server-network-policy","kind":"NetworkPolicy","validation":"dangling-networkpolicy","check_description":"Indicates when networkpolicies do not have any associated deployments.","check_remediation":"Confirm that your networkPolicy's podselector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching networkpolicy's podSelector labels ({map[app.kubernetes.io/name:tssc-gitops-repo-server] []}) "}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-repo-server-network-policy","kind":"NetworkPolicy","validation":"dangling-networkpolicypeer-podselector","check_description":"Indicates when NetworkPolicyPeer in Egress/Ingress rules -in the Spec of NetworkPolicy- do not have any associated deployments. Applied on peer specified with podSelectors only.","check_remediation":"Confirm that your NetworkPolicy's Ingress/Egress peer's podselector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching networkpolicy rule's podSelector labels (app.kubernetes.io/name=tssc-gitops-application-controller)"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-repo-server-network-policy","kind":"NetworkPolicy","validation":"dangling-networkpolicypeer-podselector","check_description":"Indicates when NetworkPolicyPeer in Egress/Ingress rules -in the Spec of NetworkPolicy- do not have any associated deployments. Applied on peer specified with podSelectors only.","check_remediation":"Confirm that your NetworkPolicy's Ingress/Egress peer's podselector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching networkpolicy rule's podSelector labels (app.kubernetes.io/name=tssc-gitops-server)"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-repo-server-network-policy","kind":"NetworkPolicy","validation":"dangling-networkpolicypeer-podselector","check_description":"Indicates when NetworkPolicyPeer in Egress/Ingress rules -in the Spec of NetworkPolicy- do not have any associated deployments. Applied on peer specified with podSelectors only.","check_remediation":"Confirm that your NetworkPolicy's Ingress/Egress peer's podselector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching networkpolicy rule's podSelector labels (app.kubernetes.io/name=tssc-gitops-notifications-controller)"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-repo-server-network-policy","kind":"NetworkPolicy","validation":"dangling-networkpolicypeer-podselector","check_description":"Indicates when NetworkPolicyPeer in Egress/Ingress rules -in the Spec of NetworkPolicy- do not have any associated deployments. Applied on peer specified with podSelectors only.","check_remediation":"Confirm that your NetworkPolicy's Ingress/Egress peer's podselector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching networkpolicy rule's podSelector labels (app.kubernetes.io/name=argocd-applicationset-controller)"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-repo-server-network-policy","kind":"NetworkPolicy","validation":"dangling-networkpolicypeer-podselector","check_description":"Indicates when NetworkPolicyPeer in Egress/Ingress rules -in the Spec of NetworkPolicy- do not have any associated deployments. Applied on peer specified with podSelectors only.","check_remediation":"Confirm that your NetworkPolicy's Ingress/Egress peer's podselector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching networkpolicy rule's podSelector labels (app.kubernetes.io/name=tssc-gitops-applicationset-controller)"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-server-network-policy","kind":"NetworkPolicy","validation":"dangling-networkpolicy","check_description":"Indicates when networkpolicies do not have any associated deployments.","check_remediation":"Confirm that your networkPolicy's podselector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching networkpolicy's podSelector labels ({map[app.kubernetes.io/name:tssc-gitops-server] []}) "}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":2,"labels":"batch.kubernetes.io/controller-uid=acde23a2-9994-4c43-81bd-c3d74a871611,batch.kubernetes.io/job-name=tssc-gitops-post-deploy,controller-uid=acde23a2-9994-4c43-81bd-c3d74a871611,job-name=tssc-gitops-post-deploy"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-post-deploy","kind":"Job","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-post-deploy","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"argocd-generate-token\" is referring to an unknown secret \"tssc-gitops-cluster\""}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-post-deploy","kind":"Job","validation":"job-ttl-seconds-after-finished","check_description":"Indicates when standalone jobs do not set ttlSecondsAfterFinished and when jobs managed by cronjob do set ttlSecondsAfterFinished.","check_remediation":"Set Job.spec.ttlSecondsAfterFinished. Unset CronJob.Spec.JobTemplate.Spec.ttlSecondsAfterFinished.","check_failure_reason":"Standalone Job does not specify ttlSecondsAfterFinished"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-post-deploy","kind":"Job","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-post-deploy","kind":"Job","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"tssc-gitops\" not found"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-post-deploy","kind":"Job","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-post-deploy","kind":"Job","validation":"restart-policy","check_description":"Indicates when a deployment-like object does not use a restart policy","check_remediation":"Set up the restart policy for your object to 'Always' or 'OnFailure' to increase the fault tolerance.","check_failure_reason":"object has a restart policy defined with 'Never' but the only accepted restart policies are '[Always OnFailure]'"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-post-deploy","kind":"Job","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"copy-scripts\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-post-deploy","kind":"Job","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"argocd-generate-token\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-post-deploy","kind":"Job","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"argocd-store-token\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-post-deploy","kind":"Job","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"copy-scripts\" has cpu request 0"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-post-deploy","kind":"Job","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"argocd-generate-token\" has cpu request 0"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-post-deploy","kind":"Job","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"argocd-store-token\" has cpu request 0"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-post-deploy","kind":"Job","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"copy-scripts\" has memory limit 0"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-post-deploy","kind":"Job","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"argocd-generate-token\" has memory limit 0"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-post-deploy","kind":"Job","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"argocd-store-token\" has memory limit 0"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":5,"labels":"app.kubernetes.io/component=dex-server,app.kubernetes.io/managed-by=tssc-gitops,app.kubernetes.io/name=tssc-gitops-dex-server,app.kubernetes.io/part-of=argocd"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tssc-gitops"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":6,"labels":"app.kubernetes.io/component=server,app.kubernetes.io/managed-by=tssc-gitops,app.kubernetes.io/name=tssc-gitops-server,app.kubernetes.io/part-of=argocd"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tssc-gitops"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":1,"labels":"app.kubernetes.io/component=server,app.kubernetes.io/managed-by=tssc-gitops,app.kubernetes.io/name=tssc-gitops-server-metrics,app.kubernetes.io/part-of=argocd"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tssc-gitops"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":5,"labels":"app.kubernetes.io/component=controller,app.kubernetes.io/managed-by=tssc-gitops,app.kubernetes.io/name=argocd-applicationset-controller,app.kubernetes.io/part-of=argocd"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-applicationset-controller","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-applicationset-controller","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-applicationset-controller","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-applicationset-controller","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-applicationset-controller-network-policy","kind":"NetworkPolicy","validation":"dangling-networkpolicy","check_description":"Indicates when networkpolicies do not have any associated deployments.","check_remediation":"Confirm that your networkPolicy's podselector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching networkpolicy's podSelector labels ({map[app.kubernetes.io/name:argocd-applicationset-controller] []}) "}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":1,"labels":"app.kubernetes.io/instance=tssc-gitops,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=tssc-gitops,app.kubernetes.io/version=1.20,helm.sh/chart=tssc-gitops-1.9.0"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tssc-gitops"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":6,"labels":"app.kubernetes.io/name=tssc-gitops-dex-server,pod-template-hash=cb67bf45f"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-dex-server","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-dex-server","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-dex-server","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-dex-server","kind":"Deployment","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"tssc-gitops-argocd-dex-server\" not found"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-dex-server-network-policy","kind":"NetworkPolicy","validation":"dangling-networkpolicypeer-podselector","check_description":"Indicates when NetworkPolicyPeer in Egress/Ingress rules -in the Spec of NetworkPolicy- do not have any associated deployments. Applied on peer specified with podSelectors only.","check_remediation":"Confirm that your NetworkPolicy's Ingress/Egress peer's podselector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching networkpolicy rule's podSelector labels (app.kubernetes.io/name=tssc-gitops-server)"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":3,"labels":"app.kubernetes.io/component=applicationset-controller,app.kubernetes.io/managed-by=tssc-gitops,app.kubernetes.io/name=tssc-gitops-applicationset-controller,app.kubernetes.io/part-of=argocd"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tssc-gitops"}
{"level":"debug","ts":"2026-04-28T19:12:50Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":4,"labels":"app.kubernetes.io/managed-by=Helm,helmet.redhat-appstudio.github.com/post-deploy=delete"}
{"level":"info","ts":"2026-04-28T19:12:50Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-04-28T19:12:52Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"open-cluster-management-2pvb4vdgf4p3csrl5l4cl4buk5fbbge2","items":2,"labels":"open-cluster-management.io/created-by-klusterlet=klusterlet-2pvb4vdgf4p3csrl5l4cl4buk5fbbge2"}
{"level":"debug","ts":"2026-04-28T19:12:52Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"open-cluster-management-2pvb4vdgf4p3csrl5l4cl4buk5fbbge2"}
{"level":"info","ts":"2026-04-28T19:12:52Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-04-28T19:12:54Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc","items":1,"labels":"app.kubernetes.io/managed-by=Helm,helmet.redhat-appstudio.github.com/post-deploy=delete"}
{"level":"info","ts":"2026-04-28T19:12:54Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"info","ts":"2026-04-28T19:12:56Z","logger":"GenericReconciler","msg":"Reconciliation loop has ended"}
{"level":"info","ts":"2026-04-28T19:14:46Z","logger":"GenericReconciler","msg":"Reconciliation loop has started"}
{"level":"debug","ts":"2026-04-28T19:14:46Z","logger":"GenericReconciler","msg":"apiResource","no":1,"Group":"","Version":"v1","Kind":"Pod"}
{"level":"debug","ts":"2026-04-28T19:14:46Z","logger":"GenericReconciler","msg":"apiResource","no":2,"Group":"apps","Version":"v1","Kind":"DaemonSet"}
{"level":"debug","ts":"2026-04-28T19:14:46Z","logger":"GenericReconciler","msg":"apiResource","no":3,"Group":"policy","Version":"v1","Kind":"PodDisruptionBudget"}
{"level":"debug","ts":"2026-04-28T19:14:46Z","logger":"GenericReconciler","msg":"apiResource","no":4,"Group":"rbac.authorization.k8s.io","Version":"v1","Kind":"ClusterRoleBinding"}
{"level":"debug","ts":"2026-04-28T19:14:46Z","logger":"GenericReconciler","msg":"apiResource","no":5,"Group":"rbac.authorization.k8s.io","Version":"v1","Kind":"RoleBinding"}
{"level":"debug","ts":"2026-04-28T19:14:46Z","logger":"GenericReconciler","msg":"apiResource","no":6,"Group":"apps","Version":"v1","Kind":"StatefulSet"}
{"level":"debug","ts":"2026-04-28T19:14:46Z","logger":"GenericReconciler","msg":"apiResource","no":7,"Group":"","Version":"v1","Kind":"ReplicationController"}
{"level":"debug","ts":"2026-04-28T19:14:46Z","logger":"GenericReconciler","msg":"apiResource","no":8,"Group":"","Version":"v1","Kind":"Service"}
{"level":"debug","ts":"2026-04-28T19:14:46Z","logger":"GenericReconciler","msg":"apiResource","no":9,"Group":"apps","Version":"v1","Kind":"ReplicaSet"}
{"level":"debug","ts":"2026-04-28T19:14:46Z","logger":"GenericReconciler","msg":"apiResource","no":10,"Group":"rbac.authorization.k8s.io","Version":"v1","Kind":"ClusterRole"}
{"level":"debug","ts":"2026-04-28T19:14:46Z","logger":"GenericReconciler","msg":"apiResource","no":11,"Group":"","Version":"v1","Kind":"PersistentVolumeClaim"}
{"level":"debug","ts":"2026-04-28T19:14:46Z","logger":"GenericReconciler","msg":"apiResource","no":12,"Group":"autoscaling","Version":"v1","Kind":"HorizontalPodAutoscaler"}
{"level":"debug","ts":"2026-04-28T19:14:46Z","logger":"GenericReconciler","msg":"apiResource","no":13,"Group":"batch","Version":"v1","Kind":"Job"}
{"level":"debug","ts":"2026-04-28T19:14:46Z","logger":"GenericReconciler","msg":"apiResource","no":14,"Group":"rbac.authorization.k8s.io","Version":"v1","Kind":"Role"}
{"level":"debug","ts":"2026-04-28T19:14:46Z","logger":"GenericReconciler","msg":"apiResource","no":15,"Group":"apps.openshift.io","Version":"v1","Kind":"DeploymentConfig"}
{"level":"debug","ts":"2026-04-28T19:14:46Z","logger":"GenericReconciler","msg":"apiResource","no":16,"Group":"","Version":"v1","Kind":"ServiceAccount"}
{"level":"debug","ts":"2026-04-28T19:14:46Z","logger":"GenericReconciler","msg":"apiResource","no":17,"Group":"batch","Version":"v1","Kind":"CronJob"}
{"level":"debug","ts":"2026-04-28T19:14:46Z","logger":"GenericReconciler","msg":"apiResource","no":18,"Group":"networking.k8s.io","Version":"v1","Kind":"Ingress"}
{"level":"debug","ts":"2026-04-28T19:14:46Z","logger":"GenericReconciler","msg":"apiResource","no":19,"Group":"networking.k8s.io","Version":"v1","Kind":"NetworkPolicy"}
{"level":"debug","ts":"2026-04-28T19:14:46Z","logger":"GenericReconciler","msg":"apiResource","no":20,"Group":"apps","Version":"v1","Kind":"Deployment"}
{"level":"info","ts":"2026-04-28T19:14:46Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"info","ts":"2026-04-28T19:14:46Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"info","ts":"2026-04-28T19:14:46Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"info","ts":"2026-04-28T19:14:46Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"info","ts":"2026-04-28T19:14:46Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-04-28T19:14:46Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"trusted-artifact-signer","items":5,"labels":"app.kubernetes.io/component=client-server,app.kubernetes.io/part-of=trusted-artifact-signer,pod-template-hash=f6d595f96"}
{"level":"debug","ts":"2026-04-28T19:14:46Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-04-28T19:14:46Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-04-28T19:14:46Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-04-28T19:14:46Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-04-28T19:14:46Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"cli-server\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-04-28T19:14:46Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"cli-server\" has cpu request 0"}
{"level":"debug","ts":"2026-04-28T19:14:46Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"cli-server\" has memory limit 0"}
{"level":"debug","ts":"2026-04-28T19:14:46Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"trusted-artifact-signer","items":5,"labels":"app.kubernetes.io/component=client-server,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-04-28T19:14:46Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"trusted-artifact-signer"}
{"level":"info","ts":"2026-04-28T19:14:46Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-04-28T19:14:47Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-tpa","items":4,"labels":"olm.managed=true"}
{"level":"debug","ts":"2026-04-28T19:14:47Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tssc-tpa"}
{"level":"debug","ts":"2026-04-28T19:14:47Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-tpa","items":1,"labels":"olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=tssc-tpa,olm.owner=rhtpa-operator.v1.1.4,olm.permissions.hash=ayWt7Ra7j6VaUOWVVnLRSjaZXaH1qykCBmO9pt,operators.coreos.com/rhtpa-operator.tssc-tpa="}
{"level":"debug","ts":"2026-04-28T19:14:47Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tssc-tpa"}
{"level":"debug","ts":"2026-04-28T19:14:47Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-tpa","items":5,"labels":"control-plane=controller-manager,pod-template-hash=556f86dcbc"}
{"level":"debug","ts":"2026-04-28T19:14:47Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tssc-tpa"}
{"level":"debug","ts":"2026-04-28T19:14:47Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-tpa","items":1,"labels":"olm.managed=true,operators.coreos.com/rhtpa-operator.tssc-tpa="}
{"level":"debug","ts":"2026-04-28T19:14:47Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tssc-tpa"}
{"level":"debug","ts":"2026-04-28T19:14:47Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-tpa","items":1,"labels":"olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=tssc-tpa,olm.owner=rhtpa-operator.v1.1.4,olm.permissions.hash=89zmJTEa8x4dF5PYcd2jJAXBQdRMGCux5nsqKM,operators.coreos.com/rhtpa-operator.tssc-tpa="}
{"level":"debug","ts":"2026-04-28T19:14:47Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tssc-tpa"}
{"level":"debug","ts":"2026-04-28T19:14:47Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-tpa","items":3,"labels":"app.kubernetes.io/managed-by=Helm"}
{"level":"debug","ts":"2026-04-28T19:14:47Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-tpa","object":"tpa-pgsql-bee","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-04-28T19:14:47Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-tpa","object":"tpa-pgsql-bee","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"pgsql-bee\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-04-28T19:14:47Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-tpa","object":"tpa-pgsql-bee","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"pgsql-bee\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-04-28T19:14:47Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-tpa","object":"tpa-pgsql-bee","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"pgsql-bee\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-04-28T19:14:47Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-tpa","object":"tpa-pgsql-bee","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-04-28T19:14:47Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-tpa","object":"tpa-pgsql-bee","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-04-28T19:14:47Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-tpa","object":"tpa-pgsql-bee","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-04-28T19:14:47Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-tpa","items":5,"labels":"app=tpa-pgsql-bee,phase=reference,pod-template-hash=7c6bf4d9f7"}
{"level":"debug","ts":"2026-04-28T19:14:47Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-tpa","object":"tpa-pgsql-bee","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-04-28T19:14:47Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-tpa","object":"tpa-pgsql-bee","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"pgsql-bee\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-04-28T19:14:47Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-tpa","object":"tpa-pgsql-bee","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"pgsql-bee\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-04-28T19:14:47Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-tpa","object":"tpa-pgsql-bee","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"pgsql-bee\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-04-28T19:14:47Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-tpa","object":"tpa-pgsql-bee","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-04-28T19:14:47Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-tpa","object":"tpa-pgsql-bee","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-04-28T19:14:47Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-tpa","object":"tpa-pgsql-bee","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-04-28T19:14:47Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-tpa","items":3,"labels":"app.kubernetes.io/managed-by=kustomize,app.kubernetes.io/name=rhtpa-operator,control-plane=controller-manager,olm.managed=true,operators.coreos.com/rhtpa-operator.tssc-tpa="}
{"level":"debug","ts":"2026-04-28T19:14:47Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tssc-tpa"}
{"level":"debug","ts":"2026-04-28T19:14:47Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-tpa","items":2,"labels":"app.kubernetes.io/managed-by=kustomize,app.kubernetes.io/name=rhtpa-operator,control-plane=controller-manager,olm.deployment-spec-hash=9VPLxFzzZEFCihbIorY1e17RuqWiY7CXeXLOOk,olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=tssc-tpa,olm.owner=rhtpa-operator.v1.1.4,operators.coreos.com/rhtpa-operator.tssc-tpa="}
{"level":"debug","ts":"2026-04-28T19:14:47Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tssc-tpa"}
{"level":"info","ts":"2026-04-28T19:14:47Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
I0428 19:14:48.532804       1 request.go:752] "Waited before sending request" delay="1.342394701s" reason="client-side throttling, not priority and fairness" verb="GET" URL="https://172.30.0.1:443/apis/rbac.authorization.k8s.io/v1/namespaces/tssc-gitops/rolebindings?continue=eyJ2IjoibWV0YS5rOHMuaW8vdjEiLCJydiI6MjM0NDQsInN0YXJ0IjoiL2RlZGljYXRlZC1hZG1pbnMtMVx1MDAwMCJ9&limit=5"
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":3,"labels":"app.kubernetes.io/component=application-controller,app.kubernetes.io/managed-by=tssc-gitops,app.kubernetes.io/name=tssc-gitops-application-controller,app.kubernetes.io/part-of=argocd"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-application-controller","kind":"StatefulSet","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-application-controller","kind":"StatefulSet","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"argocd-application-controller\" is referring to an unknown config map \"argocd-cmd-params-cm\""}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-application-controller","kind":"StatefulSet","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"argocd-application-controller\" is referring to an unknown secret \"tssc-gitops-redis-initial-password\""}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-application-controller","kind":"StatefulSet","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-application-controller","kind":"StatefulSet","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-application-controller","kind":"StatefulSet","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"tssc-gitops-argocd-application-controller\" not found"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-application-controller","kind":"StatefulSet","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"argocd-application-controller\" has cpu request 0"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-application-controller","kind":"StatefulSet","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-application-controller","kind":"StatefulSet","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"argocd-application-controller\" is referring to an unknown config map \"argocd-cmd-params-cm\""}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-application-controller","kind":"StatefulSet","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"argocd-application-controller\" is referring to an unknown secret \"tssc-gitops-redis-initial-password\""}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-application-controller","kind":"StatefulSet","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-application-controller","kind":"StatefulSet","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-application-controller","kind":"StatefulSet","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"tssc-gitops-argocd-application-controller\" not found"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-application-controller","kind":"StatefulSet","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"argocd-application-controller\" has cpu request 0"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":4,"labels":"app.kubernetes.io/name=tssc-gitops-application-controller,apps.kubernetes.io/pod-index=0,controller-revision-hash=tssc-gitops-application-controller-7b8d4dd45c,statefulset.kubernetes.io/pod-name=tssc-gitops-application-controller-0"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-application-controller","kind":"StatefulSet","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-application-controller","kind":"StatefulSet","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"argocd-application-controller\" is referring to an unknown config map \"argocd-cmd-params-cm\""}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-application-controller","kind":"StatefulSet","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"argocd-application-controller\" is referring to an unknown secret \"tssc-gitops-redis-initial-password\""}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-application-controller","kind":"StatefulSet","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-application-controller","kind":"StatefulSet","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-application-controller","kind":"StatefulSet","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"tssc-gitops-argocd-application-controller\" not found"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-application-controller","kind":"StatefulSet","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"argocd-application-controller\" has cpu request 0"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":2,"labels":"batch.kubernetes.io/controller-uid=acde23a2-9994-4c43-81bd-c3d74a871611,batch.kubernetes.io/job-name=tssc-gitops-post-deploy,controller-uid=acde23a2-9994-4c43-81bd-c3d74a871611,job-name=tssc-gitops-post-deploy"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-post-deploy","kind":"Job","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-post-deploy","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"argocd-generate-token\" is referring to an unknown secret \"tssc-gitops-cluster\""}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-post-deploy","kind":"Job","validation":"job-ttl-seconds-after-finished","check_description":"Indicates when standalone jobs do not set ttlSecondsAfterFinished and when jobs managed by cronjob do set ttlSecondsAfterFinished.","check_remediation":"Set Job.spec.ttlSecondsAfterFinished. Unset CronJob.Spec.JobTemplate.Spec.ttlSecondsAfterFinished.","check_failure_reason":"Standalone Job does not specify ttlSecondsAfterFinished"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-post-deploy","kind":"Job","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-post-deploy","kind":"Job","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"tssc-gitops\" not found"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-post-deploy","kind":"Job","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-post-deploy","kind":"Job","validation":"restart-policy","check_description":"Indicates when a deployment-like object does not use a restart policy","check_remediation":"Set up the restart policy for your object to 'Always' or 'OnFailure' to increase the fault tolerance.","check_failure_reason":"object has a restart policy defined with 'Never' but the only accepted restart policies are '[Always OnFailure]'"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-post-deploy","kind":"Job","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"copy-scripts\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-post-deploy","kind":"Job","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"argocd-generate-token\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-post-deploy","kind":"Job","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"argocd-store-token\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-post-deploy","kind":"Job","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"copy-scripts\" has cpu request 0"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-post-deploy","kind":"Job","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"argocd-generate-token\" has cpu request 0"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-post-deploy","kind":"Job","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"argocd-store-token\" has cpu request 0"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-post-deploy","kind":"Job","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"copy-scripts\" has memory limit 0"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-post-deploy","kind":"Job","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"argocd-generate-token\" has memory limit 0"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-post-deploy","kind":"Job","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"argocd-store-token\" has memory limit 0"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":7,"labels":"app.kubernetes.io/name=tssc-gitops-server,pod-template-hash=66784844c4"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-server","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-server","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"argocd-server\" is referring to an unknown secret \"tssc-gitops-redis-initial-password\""}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-server","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-server","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-server","kind":"Deployment","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"tssc-gitops-argocd-server\" not found"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":1,"labels":"app.kubernetes.io/component=metrics,app.kubernetes.io/managed-by=tssc-gitops,app.kubernetes.io/name=tssc-gitops-metrics,app.kubernetes.io/part-of=argocd"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tssc-gitops"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":2,"labels":"app.kubernetes.io/managed-by=tssc-gitops,app.kubernetes.io/name=argocd-redis,app.kubernetes.io/part-of=argocd"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tssc-gitops"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":3,"labels":"app.kubernetes.io/name=tssc-gitops-dex-server,pod-template-hash=cb67bf45f"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tssc-gitops"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":10,"labels":"app.kubernetes.io/managed-by=tssc-gitops,app.kubernetes.io/name=tssc-gitops,app.kubernetes.io/part-of=argocd"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-application-controller-network-policy","kind":"NetworkPolicy","validation":"dangling-networkpolicy","check_description":"Indicates when networkpolicies do not have any associated deployments.","check_remediation":"Confirm that your networkPolicy's podselector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching networkpolicy's podSelector labels ({map[app.kubernetes.io/name:tssc-gitops-application-controller] []}) "}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-applicationset-controller-network-policy","kind":"NetworkPolicy","validation":"dangling-networkpolicy","check_description":"Indicates when networkpolicies do not have any associated deployments.","check_remediation":"Confirm that your networkPolicy's podselector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching networkpolicy's podSelector labels ({map[app.kubernetes.io/name:argocd-applicationset-controller] []}) "}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-dex-server-network-policy","kind":"NetworkPolicy","validation":"dangling-networkpolicy","check_description":"Indicates when networkpolicies do not have any associated deployments.","check_remediation":"Confirm that your networkPolicy's podselector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching networkpolicy's podSelector labels ({map[app.kubernetes.io/name:tssc-gitops-dex-server] []}) "}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-dex-server-network-policy","kind":"NetworkPolicy","validation":"dangling-networkpolicypeer-podselector","check_description":"Indicates when NetworkPolicyPeer in Egress/Ingress rules -in the Spec of NetworkPolicy- do not have any associated deployments. Applied on peer specified with podSelectors only.","check_remediation":"Confirm that your NetworkPolicy's Ingress/Egress peer's podselector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching networkpolicy rule's podSelector labels (app.kubernetes.io/name=tssc-gitops-server)"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-repo-server-network-policy","kind":"NetworkPolicy","validation":"dangling-networkpolicy","check_description":"Indicates when networkpolicies do not have any associated deployments.","check_remediation":"Confirm that your networkPolicy's podselector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching networkpolicy's podSelector labels ({map[app.kubernetes.io/name:tssc-gitops-repo-server] []}) "}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-repo-server-network-policy","kind":"NetworkPolicy","validation":"dangling-networkpolicypeer-podselector","check_description":"Indicates when NetworkPolicyPeer in Egress/Ingress rules -in the Spec of NetworkPolicy- do not have any associated deployments. Applied on peer specified with podSelectors only.","check_remediation":"Confirm that your NetworkPolicy's Ingress/Egress peer's podselector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching networkpolicy rule's podSelector labels (app.kubernetes.io/name=tssc-gitops-application-controller)"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-repo-server-network-policy","kind":"NetworkPolicy","validation":"dangling-networkpolicypeer-podselector","check_description":"Indicates when NetworkPolicyPeer in Egress/Ingress rules -in the Spec of NetworkPolicy- do not have any associated deployments. Applied on peer specified with podSelectors only.","check_remediation":"Confirm that your NetworkPolicy's Ingress/Egress peer's podselector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching networkpolicy rule's podSelector labels (app.kubernetes.io/name=tssc-gitops-server)"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-repo-server-network-policy","kind":"NetworkPolicy","validation":"dangling-networkpolicypeer-podselector","check_description":"Indicates when NetworkPolicyPeer in Egress/Ingress rules -in the Spec of NetworkPolicy- do not have any associated deployments. Applied on peer specified with podSelectors only.","check_remediation":"Confirm that your NetworkPolicy's Ingress/Egress peer's podselector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching networkpolicy rule's podSelector labels (app.kubernetes.io/name=tssc-gitops-notifications-controller)"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-repo-server-network-policy","kind":"NetworkPolicy","validation":"dangling-networkpolicypeer-podselector","check_description":"Indicates when NetworkPolicyPeer in Egress/Ingress rules -in the Spec of NetworkPolicy- do not have any associated deployments. Applied on peer specified with podSelectors only.","check_remediation":"Confirm that your NetworkPolicy's Ingress/Egress peer's podselector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching networkpolicy rule's podSelector labels (app.kubernetes.io/name=argocd-applicationset-controller)"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-repo-server-network-policy","kind":"NetworkPolicy","validation":"dangling-networkpolicypeer-podselector","check_description":"Indicates when NetworkPolicyPeer in Egress/Ingress rules -in the Spec of NetworkPolicy- do not have any associated deployments. Applied on peer specified with podSelectors only.","check_remediation":"Confirm that your NetworkPolicy's Ingress/Egress peer's podselector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching networkpolicy rule's podSelector labels (app.kubernetes.io/name=tssc-gitops-applicationset-controller)"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-gitops","object":"tssc-gitops-server-network-policy","kind":"NetworkPolicy","validation":"dangling-networkpolicy","check_description":"Indicates when networkpolicies do not have any associated deployments.","check_remediation":"Confirm that your networkPolicy's podselector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching networkpolicy's podSelector labels ({map[app.kubernetes.io/name:tssc-gitops-server] []}) "}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":6,"labels":"app.kubernetes.io/name=tssc-gitops-repo-server,pod-template-hash=59c4d978c4"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tssc-gitops"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":5,"labels":"app.kubernetes.io/component=redis,app.kubernetes.io/managed-by=tssc-gitops,app.kubernetes.io/name=tssc-gitops-redis,app.kubernetes.io/part-of=argocd"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tssc-gitops"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":5,"labels":"app.kubernetes.io/component=controller,app.kubernetes.io/managed-by=tssc-gitops,app.kubernetes.io/name=argocd-applicationset-controller,app.kubernetes.io/part-of=argocd"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tssc-gitops"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":6,"labels":"app.kubernetes.io/name=tssc-gitops-redis,pod-template-hash=9b74744d6"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tssc-gitops"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":5,"labels":"app.kubernetes.io/component=repo-server,app.kubernetes.io/managed-by=tssc-gitops,app.kubernetes.io/name=tssc-gitops-repo-server,app.kubernetes.io/part-of=argocd"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tssc-gitops"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":6,"labels":"app.kubernetes.io/component=server,app.kubernetes.io/managed-by=tssc-gitops,app.kubernetes.io/name=tssc-gitops-server,app.kubernetes.io/part-of=argocd"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tssc-gitops"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":1,"labels":"app.kubernetes.io/component=server,app.kubernetes.io/managed-by=tssc-gitops,app.kubernetes.io/name=tssc-gitops-server-metrics,app.kubernetes.io/part-of=argocd"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tssc-gitops"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":2,"labels":"app.kubernetes.io/managed-by=tssc-gitops,app.kubernetes.io/name=argocd-dex-server,app.kubernetes.io/part-of=argocd"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tssc-gitops"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":1,"labels":"app.kubernetes.io/instance=tssc-gitops,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=tssc-gitops,app.kubernetes.io/version=1.20,helm.sh/chart=tssc-gitops-1.9.0"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tssc-gitops"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":5,"labels":"app.kubernetes.io/name=tssc-gitops-applicationset-controller,pod-template-hash=5df5944d4d"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tssc-gitops"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":6,"labels":"app.kubernetes.io/name=tssc-gitops-dex-server,dex.config.changed=04282026-191226-UTC,pod-template-hash=79d75fdc5c"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tssc-gitops"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":3,"labels":"app.kubernetes.io/component=applicationset-controller,app.kubernetes.io/managed-by=tssc-gitops,app.kubernetes.io/name=tssc-gitops-applicationset-controller,app.kubernetes.io/part-of=argocd"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tssc-gitops"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":5,"labels":"app.kubernetes.io/component=dex-server,app.kubernetes.io/managed-by=tssc-gitops,app.kubernetes.io/name=tssc-gitops-dex-server,app.kubernetes.io/part-of=argocd"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tssc-gitops"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":2,"labels":"app.kubernetes.io/managed-by=tssc-gitops,app.kubernetes.io/name=argocd-application-controller,app.kubernetes.io/part-of=argocd"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tssc-gitops"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":2,"labels":"app.kubernetes.io/managed-by=tssc-gitops,app.kubernetes.io/name=argocd-redis-ha,app.kubernetes.io/part-of=argocd"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tssc-gitops"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-gitops","items":2,"labels":"app.kubernetes.io/managed-by=tssc-gitops,app.kubernetes.io/name=argocd-server,app.kubernetes.io/part-of=argocd"}
{"level":"debug","ts":"2026-04-28T19:14:52Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tssc-gitops"}
{"level":"info","ts":"2026-04-28T19:14:52Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-04-28T19:14:54Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"open-cluster-management-2pvb4vdgf4p3csrl5l4cl4buk5fbbge2","items":2,"labels":"open-cluster-management.io/created-by-klusterlet=klusterlet-2pvb4vdgf4p3csrl5l4cl4buk5fbbge2"}
{"level":"debug","ts":"2026-04-28T19:14:54Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"open-cluster-management-2pvb4vdgf4p3csrl5l4cl4buk5fbbge2"}
{"level":"info","ts":"2026-04-28T19:14:54Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-04-28T19:14:56Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc","items":1,"labels":"app.kubernetes.io/managed-by=Helm,helmet.redhat-appstudio.github.com/post-deploy=delete"}
{"level":"debug","ts":"2026-04-28T19:14:56Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc","items":1,"labels":"app.kubernetes.io/instance=tssc-iam,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=tssc-iam,helm.sh/chart=tssc-iam-1.9.0"}
{"level":"debug","ts":"2026-04-28T19:14:56Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc","object":"test-tssc-iam","kind":"Pod","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-04-28T19:14:56Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc","object":"test-tssc-iam","kind":"Pod","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-04-28T19:14:56Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc","object":"test-tssc-iam","kind":"Pod","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"tssc-iam\" not found"}
{"level":"debug","ts":"2026-04-28T19:14:56Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc","object":"test-tssc-iam","kind":"Pod","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-04-28T19:14:56Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc","object":"test-tssc-iam","kind":"Pod","validation":"restart-policy","check_description":"Indicates when a deployment-like object does not use a restart policy","check_remediation":"Set up the restart policy for your object to 'Always' or 'OnFailure' to increase the fault tolerance.","check_failure_reason":"object has a restart policy defined with 'Never' but the only accepted restart policies are '[Always OnFailure]'"}
{"level":"debug","ts":"2026-04-28T19:14:56Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc","object":"test-tssc-iam","kind":"Pod","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"copy-scripts\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-04-28T19:14:56Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc","object":"test-tssc-iam","kind":"Pod","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"keycloak-keycloak\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-04-28T19:14:56Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc","object":"test-tssc-iam","kind":"Pod","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"realm-test\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-04-28T19:14:56Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc","object":"test-tssc-iam","kind":"Pod","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"copy-scripts\" has cpu request 0"}
{"level":"debug","ts":"2026-04-28T19:14:56Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc","object":"test-tssc-iam","kind":"Pod","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"keycloak-keycloak\" has cpu request 0"}
{"level":"debug","ts":"2026-04-28T19:14:56Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc","object":"test-tssc-iam","kind":"Pod","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"realm-test\" has cpu request 0"}
{"level":"debug","ts":"2026-04-28T19:14:56Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc","object":"test-tssc-iam","kind":"Pod","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"copy-scripts\" has memory limit 0"}
{"level":"debug","ts":"2026-04-28T19:14:56Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc","object":"test-tssc-iam","kind":"Pod","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"keycloak-keycloak\" has memory limit 0"}
{"level":"debug","ts":"2026-04-28T19:14:56Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc","object":"test-tssc-iam","kind":"Pod","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"realm-test\" has memory limit 0"}
{"level":"debug","ts":"2026-04-28T19:14:56Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc","items":1,"labels":"app.kubernetes.io/managed-by=Helm"}
{"level":"info","ts":"2026-04-28T19:14:56Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
I0428 19:14:58.533728       1 request.go:752] "Waited before sending request" delay="1.913964867s" reason="client-side throttling, not priority and fairness" verb="GET" URL="https://172.30.0.1:443/apis/rbac.authorization.k8s.io/v1/namespaces/null/rolebindings?continue=eyJ2IjoibWV0YS5rOHMuaW8vdjEiLCJydiI6MjM3MDcsInN0YXJ0IjoiL2RlZGljYXRlZC1hZG1pbnMtYWxlcnQtcm91dGluZy1lZGl0LTBcdTAwMDAifQ&limit=5"
{"level":"info","ts":"2026-04-28T19:14:58Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-04-28T19:15:02Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"rhbk-operator","items":1,"labels":"olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=rhbk-operator,olm.owner=rhbk-operator.v26.4.11-opr.1,olm.permissions.hash=4O0tiObYrrFrlUWdzQmHj2sVWezFneLyYDCeOp,operators.coreos.com/rhbk-operator.rhbk-operator="}
{"level":"debug","ts":"2026-04-28T19:15:02Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"rhbk-operator"}
{"level":"debug","ts":"2026-04-28T19:15:02Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"rhbk-operator","items":2,"labels":"olm.managed=true"}
{"level":"debug","ts":"2026-04-28T19:15:02Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"rhbk-operator"}
{"level":"debug","ts":"2026-04-28T19:15:02Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"rhbk-operator","items":1,"labels":"olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=rhbk-operator,olm.owner=rhbk-operator.v26.4.11-opr.1,olm.permissions.hash=4Z6mzHw3Gux72vIWxroUVRIpSW5IOUFnONBDgt,operators.coreos.com/rhbk-operator.rhbk-operator="}
{"level":"debug","ts":"2026-04-28T19:15:02Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"rhbk-operator"}
{"level":"debug","ts":"2026-04-28T19:15:02Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"rhbk-operator","items":4,"labels":"name=rhbk-operator,pod-template-hash=759b8bf9b5"}
{"level":"debug","ts":"2026-04-28T19:15:02Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"rhbk-operator"}
{"level":"debug","ts":"2026-04-28T19:15:02Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"rhbk-operator","items":1,"labels":"olm.managed=true,operators.coreos.com/rhbk-operator.rhbk-operator="}
{"level":"debug","ts":"2026-04-28T19:15:02Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"rhbk-operator"}
{"level":"debug","ts":"2026-04-28T19:15:02Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"rhbk-operator","items":1,"labels":"olm.deployment-spec-hash=cOdK84vKgnaRLenln58KtpXCI40xI5jsgYOhU0,olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=rhbk-operator,olm.owner=rhbk-operator.v26.4.11-opr.1,operators.coreos.com/rhbk-operator.rhbk-operator="}
{"level":"debug","ts":"2026-04-28T19:15:02Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"rhbk-operator"}
{"level":"info","ts":"2026-04-28T19:15:02Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-04-28T19:15:06Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-keycloak","items":4,"labels":"app.kubernetes.io/managed-by=Helm"}
{"level":"debug","ts":"2026-04-28T19:15:06Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-keycloak","object":"keycloak","kind":"Service","validation":"dangling-service","check_description":"Indicates when services do not have any associated deployments.","check_remediation":"Confirm that your service's selector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching service labels (map[app:keycloak app.kubernetes.io/instance:keycloak app.kubernetes.io/managed-by:keycloak-operator])"}
{"level":"debug","ts":"2026-04-28T19:15:06Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-keycloak","object":"keycloak-pgsql-bee","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-04-28T19:15:06Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-keycloak","object":"keycloak-pgsql-bee","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"pgsql-bee\" is referring to an unknown secret \"keycloak-pgsql-user\""}
{"level":"debug","ts":"2026-04-28T19:15:06Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-keycloak","object":"keycloak-pgsql-bee","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"pgsql-bee\" is referring to an unknown secret \"keycloak-pgsql-user\""}
{"level":"debug","ts":"2026-04-28T19:15:06Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-keycloak","object":"keycloak-pgsql-bee","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"pgsql-bee\" is referring to an unknown secret \"keycloak-pgsql-user\""}
{"level":"debug","ts":"2026-04-28T19:15:06Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-keycloak","object":"keycloak-pgsql-bee","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-04-28T19:15:06Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-keycloak","object":"keycloak-pgsql-bee","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-04-28T19:15:06Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-keycloak","object":"keycloak-pgsql-bee","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-04-28T19:15:06Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-keycloak","items":6,"labels":"app.kubernetes.io/component=server,app.kubernetes.io/instance=keycloak,app.kubernetes.io/managed-by=keycloak-operator,app=keycloak,apps.kubernetes.io/pod-index=0,controller-revision-hash=keycloak-6558bdbd45,statefulset.kubernetes.io/pod-name=keycloak-0"}
{"level":"debug","ts":"2026-04-28T19:15:06Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-keycloak","object":"keycloak","kind":"StatefulSet","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-04-28T19:15:06Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-keycloak","object":"keycloak","kind":"StatefulSet","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"keycloak\" is referring to an unknown secret \"keycloak-pgsql-user\""}
{"level":"debug","ts":"2026-04-28T19:15:06Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-keycloak","object":"keycloak","kind":"StatefulSet","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"keycloak\" is referring to an unknown secret \"keycloak-pgsql-user\""}
{"level":"debug","ts":"2026-04-28T19:15:06Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-keycloak","object":"keycloak","kind":"StatefulSet","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"keycloak\" is referring to an unknown secret \"keycloak-initial-admin\""}
{"level":"debug","ts":"2026-04-28T19:15:06Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-keycloak","object":"keycloak","kind":"StatefulSet","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"keycloak\" is referring to an unknown secret \"keycloak-initial-admin\""}
{"level":"debug","ts":"2026-04-28T19:15:06Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-keycloak","object":"keycloak","kind":"StatefulSet","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-04-28T19:15:06Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-keycloak","object":"keycloak","kind":"StatefulSet","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-04-28T19:15:06Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-keycloak","object":"keycloak","kind":"StatefulSet","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"keycloak\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-04-28T19:15:06Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-keycloak","object":"keycloak","kind":"StatefulSet","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"keycloak\" has cpu request 0"}
{"level":"debug","ts":"2026-04-28T19:15:06Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-keycloak","items":5,"labels":"app=keycloak-pgsql-bee,phase=reference,pod-template-hash=7875bcd9bc"}
{"level":"debug","ts":"2026-04-28T19:15:06Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-keycloak","object":"keycloak-pgsql-bee","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-04-28T19:15:06Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-keycloak","object":"keycloak-pgsql-bee","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"pgsql-bee\" is referring to an unknown secret \"keycloak-pgsql-user\""}
{"level":"debug","ts":"2026-04-28T19:15:06Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-keycloak","object":"keycloak-pgsql-bee","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"pgsql-bee\" is referring to an unknown secret \"keycloak-pgsql-user\""}
{"level":"debug","ts":"2026-04-28T19:15:06Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-keycloak","object":"keycloak-pgsql-bee","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"pgsql-bee\" is referring to an unknown secret \"keycloak-pgsql-user\""}
{"level":"debug","ts":"2026-04-28T19:15:06Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-keycloak","object":"keycloak-pgsql-bee","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-04-28T19:15:06Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-keycloak","object":"keycloak-pgsql-bee","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-04-28T19:15:06Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tssc-keycloak","object":"keycloak-pgsql-bee","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-04-28T19:15:06Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-keycloak","items":8,"labels":"app.kubernetes.io/instance=keycloak,app.kubernetes.io/managed-by=keycloak-operator,app=keycloak"}
{"level":"debug","ts":"2026-04-28T19:15:06Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tssc-keycloak"}
{"level":"debug","ts":"2026-04-28T19:15:06Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-keycloak","items":1,"labels":"olm.copiedFrom=rhbk-operator,olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=tssc-keycloak,olm.owner=rhbk-operator.v26.4.11-opr.1,olm.permissions.hash=4O0tiObYrrFrlUWdzQmHj2sVWezFneLyYDCeOp"}
{"level":"debug","ts":"2026-04-28T19:15:06Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tssc-keycloak"}
{"level":"debug","ts":"2026-04-28T19:15:06Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tssc-keycloak","items":1,"labels":"olm.copiedFrom=rhbk-operator,olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=tssc-keycloak,olm.owner=rhbk-operator.v26.4.11-opr.1,olm.permissions.hash=4Z6mzHw3Gux72vIWxroUVRIpSW5IOUFnONBDgt,operators.coreos.com/rhbk-operator.rhbk-operator="}
{"level":"debug","ts":"2026-04-28T19:15:06Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tssc-keycloak"}
{"level":"info","ts":"2026-04-28T19:15:06Z","logger":"GenericReconciler","msg":"Reconciliation loop has ended"}