{"level":"info","ts":"2026-05-21T19:46:08Z","logger":"DeploymentValidation","msg":"Operator Version: 0.0.1"}
{"level":"info","ts":"2026-05-21T19:46:08Z","logger":"DeploymentValidation","msg":"Go Version: go1.25.8 (Red Hat 1.25.8-1.module+el8.10.0+24168+9fd3a552) X:strictfipsruntime"}
{"level":"info","ts":"2026-05-21T19:46:08Z","logger":"DeploymentValidation","msg":"Go OS/Arch: linux/amd64"}
{"level":"info","ts":"2026-05-21T19:46:08Z","logger":"DeploymentValidation","msg":"Setting Up Manager"}
{"level":"debug","ts":"2026-05-21T19:46:08Z","logger":"DeploymentValidation","msg":"Load KubeConfig"}
{"level":"debug","ts":"2026-05-21T19:46:08Z","logger":"DeploymentValidation","msg":"Initialize Manager"}
{"level":"debug","ts":"2026-05-21T19:46:08Z","logger":"DeploymentValidation","msg":"Initialize Scheme"}
{"level":"debug","ts":"2026-05-21T19:46:08Z","logger":"DeploymentValidation","msg":"Getting Manager Options"}
{"level":"debug","ts":"2026-05-21T19:46:08Z","logger":"DeploymentValidation","msg":"Adding Healthz and Readyz checks"}
{"level":"debug","ts":"2026-05-21T19:46:08Z","logger":"DeploymentValidation","msg":"Registering Components"}
{"level":"debug","ts":"2026-05-21T19:46:08Z","logger":"DeploymentValidation","msg":"Initialize Prometheus Registry"}
{"level":"debug","ts":"2026-05-21T19:46:08Z","logger":"DeploymentValidation","msg":"Initialize Prometheus metrics endpoint","endpoint":"http://0.0.0.0:8383/metrics"}
{"level":"debug","ts":"2026-05-21T19:46:08Z","logger":"DeploymentValidation","msg":"Initialize ConfigMap watcher"}
{"level":"debug","ts":"2026-05-21T19:46:08Z","logger":"DeploymentValidation","msg":"Initialize Validation Engine"}
{"level":"debug","ts":"2026-05-21T19:46:08Z","logger":"DeploymentValidation","msg":"Initialize Reconciler"}
{"level":"info","ts":"2026-05-21T19:46:08Z","logger":"DeploymentValidation","msg":"Starting Manager"}
{"level":"info","ts":"2026-05-21T19:46:08Z","msg":"starting server","name":"health probe","addr":"[::]:8081"}
{"level":"info","ts":"2026-05-21T19:46:08Z","logger":"ConfigMapWatcher","msg":"a ConfigMap has been created under watched namespace","name":"deployment-validation-operator-config","namespace":"openshift-deployment-validation-operator"}
{"level":"debug","ts":"2026-05-21T19:46:08Z","logger":"GenericReconciler","msg":"Current set of enabled checks","checks":"dangling-horizontalpodautoscaler, dangling-ingress, dangling-networkpolicy, dangling-networkpolicypeer-podselector, dangling-service, dangling-servicemonitor, dnsconfig-options, duplicate-env-var, env-value-from, host-ipc, host-network, host-pid, hpa-minimum-three-replicas, invalid-target-ports, job-ttl-seconds-after-finished, liveness-port, minimum-three-replicas, no-anti-affinity, no-node-affinity, non-existent-service-account, non-isolated-pod, pdb-max-unavailable, pdb-min-available, pdb-unhealthy-pod-eviction-policy, priority-class-name, privilege-escalation-container, privileged-container, readiness-port, restart-policy, run-as-non-root, scc-deny-privileged-container, schema-validation, sorted-keys, startup-port, unsafe-sysctls, unset-cpu-requirements, unset-memory-requirements"}
{"level":"info","ts":"2026-05-21T19:46:08Z","logger":"GenericReconciler","msg":"The ConfigMap has been updated"}
{"level":"debug","ts":"2026-05-21T19:46:08Z","logger":"GenericReconciler","msg":"apiResource","no":1,"Group":"apps","Version":"v1","Kind":"StatefulSet"}
{"level":"debug","ts":"2026-05-21T19:46:08Z","logger":"GenericReconciler","msg":"apiResource","no":2,"Group":"","Version":"v1","Kind":"Service"}
{"level":"debug","ts":"2026-05-21T19:46:08Z","logger":"GenericReconciler","msg":"apiResource","no":3,"Group":"networking.k8s.io","Version":"v1","Kind":"Ingress"}
{"level":"debug","ts":"2026-05-21T19:46:08Z","logger":"GenericReconciler","msg":"apiResource","no":4,"Group":"rbac.authorization.k8s.io","Version":"v1","Kind":"ClusterRoleBinding"}
{"level":"debug","ts":"2026-05-21T19:46:08Z","logger":"GenericReconciler","msg":"apiResource","no":5,"Group":"rbac.authorization.k8s.io","Version":"v1","Kind":"Role"}
{"level":"debug","ts":"2026-05-21T19:46:08Z","logger":"GenericReconciler","msg":"apiResource","no":6,"Group":"policy","Version":"v1","Kind":"PodDisruptionBudget"}
{"level":"debug","ts":"2026-05-21T19:46:08Z","logger":"GenericReconciler","msg":"apiResource","no":7,"Group":"apps","Version":"v1","Kind":"Deployment"}
{"level":"debug","ts":"2026-05-21T19:46:08Z","logger":"GenericReconciler","msg":"apiResource","no":8,"Group":"autoscaling","Version":"v1","Kind":"HorizontalPodAutoscaler"}
{"level":"debug","ts":"2026-05-21T19:46:08Z","logger":"GenericReconciler","msg":"apiResource","no":9,"Group":"","Version":"v1","Kind":"ServiceAccount"}
{"level":"debug","ts":"2026-05-21T19:46:08Z","logger":"GenericReconciler","msg":"apiResource","no":10,"Group":"networking.k8s.io","Version":"v1","Kind":"NetworkPolicy"}
{"level":"debug","ts":"2026-05-21T19:46:08Z","logger":"GenericReconciler","msg":"apiResource","no":11,"Group":"rbac.authorization.k8s.io","Version":"v1","Kind":"ClusterRole"}
{"level":"debug","ts":"2026-05-21T19:46:08Z","logger":"GenericReconciler","msg":"apiResource","no":12,"Group":"rbac.authorization.k8s.io","Version":"v1","Kind":"RoleBinding"}
{"level":"debug","ts":"2026-05-21T19:46:08Z","logger":"GenericReconciler","msg":"apiResource","no":13,"Group":"","Version":"v1","Kind":"PersistentVolumeClaim"}
{"level":"debug","ts":"2026-05-21T19:46:08Z","logger":"GenericReconciler","msg":"apiResource","no":14,"Group":"batch","Version":"v1","Kind":"CronJob"}
{"level":"debug","ts":"2026-05-21T19:46:08Z","logger":"GenericReconciler","msg":"apiResource","no":15,"Group":"batch","Version":"v1","Kind":"Job"}
{"level":"debug","ts":"2026-05-21T19:46:08Z","logger":"GenericReconciler","msg":"apiResource","no":16,"Group":"apps.openshift.io","Version":"v1","Kind":"DeploymentConfig"}
{"level":"debug","ts":"2026-05-21T19:46:08Z","logger":"GenericReconciler","msg":"apiResource","no":17,"Group":"apps","Version":"v1","Kind":"ReplicaSet"}
{"level":"debug","ts":"2026-05-21T19:46:08Z","logger":"GenericReconciler","msg":"apiResource","no":18,"Group":"","Version":"v1","Kind":"Pod"}
{"level":"debug","ts":"2026-05-21T19:46:08Z","logger":"GenericReconciler","msg":"apiResource","no":19,"Group":"","Version":"v1","Kind":"ReplicationController"}
{"level":"debug","ts":"2026-05-21T19:46:08Z","logger":"GenericReconciler","msg":"apiResource","no":20,"Group":"apps","Version":"v1","Kind":"DaemonSet"}
{"level":"info","ts":"2026-05-21T19:46:08Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-05-21T19:46:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"open-cluster-management-2qegn84g18ids9l2o4klqb2qr2p2km0b","items":2,"labels":"open-cluster-management.io/created-by-klusterlet=klusterlet-2qegn84g18ids9l2o4klqb2qr2p2km0b"}
{"level":"info","ts":"2026-05-21T19:46:08Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"info","ts":"2026-05-21T19:48:08Z","logger":"GenericReconciler","msg":"Reconciliation loop has started"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"GenericReconciler","msg":"apiResource","no":1,"Group":"apps","Version":"v1","Kind":"StatefulSet"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"GenericReconciler","msg":"apiResource","no":2,"Group":"","Version":"v1","Kind":"Service"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"GenericReconciler","msg":"apiResource","no":3,"Group":"networking.k8s.io","Version":"v1","Kind":"Ingress"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"GenericReconciler","msg":"apiResource","no":4,"Group":"rbac.authorization.k8s.io","Version":"v1","Kind":"ClusterRoleBinding"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"GenericReconciler","msg":"apiResource","no":5,"Group":"rbac.authorization.k8s.io","Version":"v1","Kind":"Role"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"GenericReconciler","msg":"apiResource","no":6,"Group":"policy","Version":"v1","Kind":"PodDisruptionBudget"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"GenericReconciler","msg":"apiResource","no":7,"Group":"apps","Version":"v1","Kind":"Deployment"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"GenericReconciler","msg":"apiResource","no":8,"Group":"autoscaling","Version":"v1","Kind":"HorizontalPodAutoscaler"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"GenericReconciler","msg":"apiResource","no":9,"Group":"","Version":"v1","Kind":"ServiceAccount"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"GenericReconciler","msg":"apiResource","no":10,"Group":"networking.k8s.io","Version":"v1","Kind":"NetworkPolicy"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"GenericReconciler","msg":"apiResource","no":11,"Group":"rbac.authorization.k8s.io","Version":"v1","Kind":"ClusterRole"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"GenericReconciler","msg":"apiResource","no":12,"Group":"rbac.authorization.k8s.io","Version":"v1","Kind":"RoleBinding"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"GenericReconciler","msg":"apiResource","no":13,"Group":"","Version":"v1","Kind":"PersistentVolumeClaim"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"GenericReconciler","msg":"apiResource","no":14,"Group":"batch","Version":"v1","Kind":"CronJob"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"GenericReconciler","msg":"apiResource","no":15,"Group":"batch","Version":"v1","Kind":"Job"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"GenericReconciler","msg":"apiResource","no":16,"Group":"apps.openshift.io","Version":"v1","Kind":"DeploymentConfig"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"GenericReconciler","msg":"apiResource","no":17,"Group":"apps","Version":"v1","Kind":"ReplicaSet"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"GenericReconciler","msg":"apiResource","no":18,"Group":"","Version":"v1","Kind":"Pod"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"GenericReconciler","msg":"apiResource","no":19,"Group":"","Version":"v1","Kind":"ReplicationController"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"GenericReconciler","msg":"apiResource","no":20,"Group":"apps","Version":"v1","Kind":"DaemonSet"}
{"level":"info","ts":"2026-05-21T19:48:08Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf","items":1,"labels":"app.kubernetes.io/instance=tsf-infrastructure,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=tsf-infrastructure,helm.sh/chart=tsf-infrastructure-0.1.0"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"test-tsf-infrastructure","kind":"Pod","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"test-tsf-infrastructure","kind":"Pod","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"test-tpa-pgsql-bee\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"test-tsf-infrastructure","kind":"Pod","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"test-keycloak-pgsql-bee\" is referring to an unknown secret \"keycloak-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"test-tsf-infrastructure","kind":"Pod","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"test-tsf-infrastructure","kind":"Pod","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"tsf-infrastructure\" not found"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"test-tsf-infrastructure","kind":"Pod","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"test-tsf-infrastructure","kind":"Pod","validation":"restart-policy","check_description":"Indicates when a deployment-like object does not use a restart policy","check_remediation":"Set up the restart policy for your object to 'Always' or 'OnFailure' to increase the fault tolerance.","check_failure_reason":"object has a restart policy defined with 'Never' but the only accepted restart policies are '[Always OnFailure]'"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"test-tsf-infrastructure","kind":"Pod","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"copy-scripts\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"test-tsf-infrastructure","kind":"Pod","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"test-tpa-pgsql-bee\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"test-tsf-infrastructure","kind":"Pod","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"test-keycloak-pgsql-bee\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"test-tsf-infrastructure","kind":"Pod","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"test-rollout-openshift-pipelines\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"test-tsf-infrastructure","kind":"Pod","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"copy-scripts\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"test-tsf-infrastructure","kind":"Pod","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"test-tpa-pgsql-bee\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"test-tsf-infrastructure","kind":"Pod","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"test-keycloak-pgsql-bee\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"test-tsf-infrastructure","kind":"Pod","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"test-rollout-openshift-pipelines\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"test-tsf-infrastructure","kind":"Pod","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"copy-scripts\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"test-tsf-infrastructure","kind":"Pod","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"test-tpa-pgsql-bee\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"test-tsf-infrastructure","kind":"Pod","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"test-keycloak-pgsql-bee\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"test-tsf-infrastructure","kind":"Pod","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"test-rollout-openshift-pipelines\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf","items":1,"labels":"app.kubernetes.io/managed-by=Helm,helmet.redhat-appstudio.github.com/post-deploy=delete"}
{"level":"info","ts":"2026-05-21T19:48:08Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"rhbk-operator","items":1,"labels":"olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=rhbk-operator,olm.owner=rhbk-operator.v26.4.12-opr.1,olm.permissions.hash=4O0tiObYrrFrlUWdzQmHj2sVWezFneLyYDCeOp,operators.coreos.com/rhbk-operator.rhbk-operator="}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"rhbk-operator","items":2,"labels":"olm.managed=true"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"rhbk-operator","items":1,"labels":"olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=rhbk-operator,olm.owner=rhbk-operator.v26.4.12-opr.1,olm.permissions.hash=abaw0uIHc78kEtsrZCh8UYCMjDwlvGAGG65tud,operators.coreos.com/rhbk-operator.rhbk-operator="}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"rhbk-operator","items":4,"labels":"name=rhbk-operator,pod-template-hash=6fc7dbc666"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"rhbk-operator","object":"rhbk-operator","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"rhbk-operator","object":"rhbk-operator","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"rhbk-operator","object":"rhbk-operator","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"rhbk-operator","object":"rhbk-operator","kind":"Deployment","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"rhbk-operator\" not found"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"rhbk-operator","object":"rhbk-operator","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"rhbk-operator","object":"rhbk-operator","kind":"Deployment","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"rhbk-operator\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"rhbk-operator","items":1,"labels":"olm.managed=true,operators.coreos.com/rhbk-operator.rhbk-operator="}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"rhbk-operator","items":1,"labels":"olm.deployment-spec-hash=ajtCPjdTLog74BPXdcauP7Cyqs94S6711y20k7,olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=rhbk-operator,olm.owner=rhbk-operator.v26.4.12-opr.1,operators.coreos.com/rhbk-operator.rhbk-operator="}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"rhbk-operator"}
{"level":"info","ts":"2026-05-21T19:48:08Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"open-cluster-management-2qegn84g18ids9l2o4klqb2qr2p2km0b","items":2,"labels":"open-cluster-management.io/created-by-klusterlet=klusterlet-2qegn84g18ids9l2o4klqb2qr2p2km0b"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"open-cluster-management-2qegn84g18ids9l2o4klqb2qr2p2km0b"}
{"level":"info","ts":"2026-05-21T19:48:08Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-keycloak","items":3,"labels":"app.kubernetes.io/managed-by=Helm"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak-pgsql-bee","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak-pgsql-bee","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"pgsql-bee\" is referring to an unknown secret \"keycloak-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak-pgsql-bee","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"pgsql-bee\" is referring to an unknown secret \"keycloak-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak-pgsql-bee","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"pgsql-bee\" is referring to an unknown secret \"keycloak-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak-pgsql-bee","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak-pgsql-bee","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak-pgsql-bee","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-keycloak","items":5,"labels":"app=keycloak-pgsql-bee,phase=reference,pod-template-hash=744f6fc4d9"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak-pgsql-bee","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak-pgsql-bee","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"pgsql-bee\" is referring to an unknown secret \"keycloak-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak-pgsql-bee","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"pgsql-bee\" is referring to an unknown secret \"keycloak-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak-pgsql-bee","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"pgsql-bee\" is referring to an unknown secret \"keycloak-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak-pgsql-bee","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak-pgsql-bee","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak-pgsql-bee","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-keycloak","items":1,"labels":"olm.copiedFrom=rhbk-operator,olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=tsf-keycloak,olm.owner=rhbk-operator.v26.4.12-opr.1,olm.permissions.hash=4O0tiObYrrFrlUWdzQmHj2sVWezFneLyYDCeOp,operators.coreos.com/rhbk-operator.rhbk-operator="}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-keycloak","items":1,"labels":"olm.copiedFrom=rhbk-operator,olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=tsf-keycloak,olm.owner=rhbk-operator.v26.4.12-opr.1,olm.permissions.hash=abaw0uIHc78kEtsrZCh8UYCMjDwlvGAGG65tud,operators.coreos.com/rhbk-operator.rhbk-operator="}
{"level":"info","ts":"2026-05-21T19:48:08Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager","items":5,"labels":"app.kubernetes.io/component=webhook,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=webhook,app.kubernetes.io/version=v1.19.4,app=webhook,pod-template-hash=7dc76cbb94"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager-webhook","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager-webhook","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager-webhook","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager-webhook","kind":"Deployment","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"cert-manager-webhook\" not found"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager-webhook","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager-webhook","kind":"Deployment","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"cert-manager-webhook\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager-webhook","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"cert-manager-webhook\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager","items":7,"labels":"app.kubernetes.io/component=controller,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cert-manager,app.kubernetes.io/version=v1.19.4,app=cert-manager"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager","kind":"Deployment","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"cert-manager-controller\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"cert-manager-controller\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager","kind":"Deployment","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"cert-manager-controller\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"cert-manager-controller\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager","items":5,"labels":"app.kubernetes.io/component=cainjector,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cainjector,app.kubernetes.io/version=v1.19.4,app=cainjector"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager-cainjector","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager-cainjector","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager-cainjector","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager-cainjector","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager-cainjector","kind":"Deployment","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"cert-manager-cainjector\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager-cainjector","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"cert-manager-cainjector\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager-cainjector","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager-cainjector","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager-cainjector","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager-cainjector","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager-cainjector","kind":"Deployment","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"cert-manager-cainjector\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager-cainjector","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"cert-manager-cainjector\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager","items":7,"labels":"app.kubernetes.io/component=webhook,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=webhook,app.kubernetes.io/version=v1.19.4,app=webhook"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager-webhook","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager-webhook","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager-webhook","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager-webhook","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager-webhook","kind":"Deployment","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"cert-manager-webhook\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager-webhook","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"cert-manager-webhook\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager-webhook","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager-webhook","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager-webhook","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager-webhook","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager-webhook","kind":"Deployment","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"cert-manager-webhook\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager-webhook","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"cert-manager-webhook\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager","items":5,"labels":"app.kubernetes.io/component=controller,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cert-manager,app.kubernetes.io/version=v1.19.4,app=cert-manager,pod-template-hash=59c77684cc"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager","kind":"Deployment","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"cert-manager\" not found"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager","kind":"Deployment","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"cert-manager-controller\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"cert-manager-controller\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager","items":5,"labels":"app.kubernetes.io/component=cainjector,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cainjector,app.kubernetes.io/version=v1.19.4,app=cainjector,pod-template-hash=5d99449ffd"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager-cainjector","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager-cainjector","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager-cainjector","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager-cainjector","kind":"Deployment","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"cert-manager-cainjector\" not found"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager-cainjector","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager-cainjector","kind":"Deployment","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"cert-manager-cainjector\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:48:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager","object":"cert-manager-cainjector","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"cert-manager-cainjector\" has memory limit 0"}
{"level":"info","ts":"2026-05-21T19:48:08Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"info","ts":"2026-05-21T19:48:08Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
I0521 19:48:10.207542       1 request.go:752] "Waited before sending request" delay="1.264014784s" reason="client-side throttling, not priority and fairness" verb="GET" URL="https://172.30.0.1:443/apis/rbac.authorization.k8s.io/v1/namespaces/tsf-tpa/rolebindings?continue=eyJ2IjoibWV0YS5rOHMuaW8vdjEiLCJydiI6MjE0NTQsInN0YXJ0IjoiL3JodHBhLW9wZXJhdG9yLWJpbmQtam9iXHUwMDAwIn0&limit=5"
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":1,"labels":"olm.managed=true,operators.coreos.com/rhtpa-operator.tsf-tpa="}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":2,"labels":"app.kubernetes.io/managed-by=kustomize,app.kubernetes.io/name=rhtpa-operator,control-plane=controller-manager,olm.deployment-spec-hash=61NDiU2koxxLCzAl6gIAYLCVnf76UPkRYTqw81,olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=tsf-tpa,olm.owner=rhtpa-operator.v1.1.4,operators.coreos.com/rhtpa-operator.tsf-tpa="}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"rhtpa-operator-controller-manager","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"rhtpa-operator-controller-manager","kind":"Deployment","validation":"liveness-port","check_description":"Indicates when containers have a liveness probe to a not exposed port.","check_remediation":"Check which ports you've exposed and ensure they match what you have specified in the liveness probe.","check_failure_reason":"container \"manager\" does not expose port 8081 for the HTTPGet"}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"rhtpa-operator-controller-manager","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"rhtpa-operator-controller-manager","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"rhtpa-operator-controller-manager","kind":"Deployment","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"rhtpa-operator-controller-manager\" not found"}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"rhtpa-operator-controller-manager","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"rhtpa-operator-controller-manager","kind":"Deployment","validation":"readiness-port","check_description":"Indicates when containers have a readiness probe to a not exposed port.","check_remediation":"Check which ports you've exposed and ensure they match what you have specified in the readiness probe.","check_failure_reason":"container \"manager\" does not expose port 8081 for the HTTPGet"}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"rhtpa-operator-controller-manager","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"rhtpa-operator-controller-manager","kind":"Deployment","validation":"liveness-port","check_description":"Indicates when containers have a liveness probe to a not exposed port.","check_remediation":"Check which ports you've exposed and ensure they match what you have specified in the liveness probe.","check_failure_reason":"container \"manager\" does not expose port 8081 for the HTTPGet"}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"rhtpa-operator-controller-manager","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"rhtpa-operator-controller-manager","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"rhtpa-operator-controller-manager","kind":"Deployment","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"rhtpa-operator-controller-manager\" not found"}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"rhtpa-operator-controller-manager","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"rhtpa-operator-controller-manager","kind":"Deployment","validation":"readiness-port","check_description":"Indicates when containers have a readiness probe to a not exposed port.","check_remediation":"Check which ports you've exposed and ensure they match what you have specified in the readiness probe.","check_failure_reason":"container \"manager\" does not expose port 8081 for the HTTPGet"}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":1,"labels":"olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=tsf-tpa,olm.owner=rhtpa-operator.v1.1.4,olm.permissions.hash=89zmJTEa8x4dF5PYcd2jJAXBQdRMGCux5nsqKM,operators.coreos.com/rhtpa-operator.tsf-tpa="}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":3,"labels":"app.kubernetes.io/managed-by=Helm"}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"tpa-pgsql-bee","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"tpa-pgsql-bee","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"pgsql-bee\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"tpa-pgsql-bee","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"pgsql-bee\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"tpa-pgsql-bee","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"pgsql-bee\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"tpa-pgsql-bee","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"tpa-pgsql-bee","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"tpa-pgsql-bee","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":3,"labels":"app.kubernetes.io/managed-by=kustomize,app.kubernetes.io/name=rhtpa-operator,control-plane=controller-manager,olm.managed=true,operators.coreos.com/rhtpa-operator.tsf-tpa="}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"rhtpa-operator-controller-manager","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"rhtpa-operator-controller-manager","kind":"Deployment","validation":"liveness-port","check_description":"Indicates when containers have a liveness probe to a not exposed port.","check_remediation":"Check which ports you've exposed and ensure they match what you have specified in the liveness probe.","check_failure_reason":"container \"manager\" does not expose port 8081 for the HTTPGet"}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"rhtpa-operator-controller-manager","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"rhtpa-operator-controller-manager","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"rhtpa-operator-controller-manager","kind":"Deployment","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"rhtpa-operator-controller-manager\" not found"}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"rhtpa-operator-controller-manager","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"rhtpa-operator-controller-manager","kind":"Deployment","validation":"readiness-port","check_description":"Indicates when containers have a readiness probe to a not exposed port.","check_remediation":"Check which ports you've exposed and ensure they match what you have specified in the readiness probe.","check_failure_reason":"container \"manager\" does not expose port 8081 for the HTTPGet"}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":4,"labels":"olm.managed=true"}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":1,"labels":"olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=tsf-tpa,olm.owner=rhtpa-operator.v1.1.4,olm.permissions.hash=aFImzaN7XMTLc0qsAWHiSsv2PNOJPMjP0l04oA,operators.coreos.com/rhtpa-operator.tsf-tpa="}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":5,"labels":"control-plane=controller-manager,pod-template-hash=586cbb496b"}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"rhtpa-operator-controller-manager","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"rhtpa-operator-controller-manager","kind":"Deployment","validation":"liveness-port","check_description":"Indicates when containers have a liveness probe to a not exposed port.","check_remediation":"Check which ports you've exposed and ensure they match what you have specified in the liveness probe.","check_failure_reason":"container \"manager\" does not expose port 8081 for the HTTPGet"}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"rhtpa-operator-controller-manager","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"rhtpa-operator-controller-manager","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"rhtpa-operator-controller-manager","kind":"Deployment","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"rhtpa-operator-controller-manager\" not found"}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"rhtpa-operator-controller-manager","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"rhtpa-operator-controller-manager","kind":"Deployment","validation":"readiness-port","check_description":"Indicates when containers have a readiness probe to a not exposed port.","check_remediation":"Check which ports you've exposed and ensure they match what you have specified in the readiness probe.","check_failure_reason":"container \"manager\" does not expose port 8081 for the HTTPGet"}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":5,"labels":"app=tpa-pgsql-bee,phase=reference,pod-template-hash=5df6ff8bdf"}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"tpa-pgsql-bee","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"tpa-pgsql-bee","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"pgsql-bee\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"tpa-pgsql-bee","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"pgsql-bee\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"tpa-pgsql-bee","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"pgsql-bee\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"tpa-pgsql-bee","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"tpa-pgsql-bee","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:48:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"tpa-pgsql-bee","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"info","ts":"2026-05-21T19:48:10Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"info","ts":"2026-05-21T19:48:14Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-05-21T19:48:18Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager-operator","items":4,"labels":"name=cert-manager-operator,pod-template-hash=5b66478c58"}
{"level":"debug","ts":"2026-05-21T19:48:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager-operator","object":"cert-manager-operator-controller-manager","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:48:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager-operator","object":"cert-manager-operator-controller-manager","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:48:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager-operator","object":"cert-manager-operator-controller-manager","kind":"Deployment","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"cert-manager-operator-controller-manager\" not found"}
{"level":"debug","ts":"2026-05-21T19:48:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager-operator","object":"cert-manager-operator-controller-manager","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:48:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager-operator","object":"cert-manager-operator-controller-manager","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"cert-manager-operator\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:48:18Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager-operator","items":2,"labels":"app.kubernetes.io/created-by=cert-manager-operator,app.kubernetes.io/instance=controller-manager-metrics-service,app.kubernetes.io/managed-by=kustomize,app.kubernetes.io/name=service,app.kubernetes.io/part-of=cert-manager-operator,control-plane=controller-manager,olm.managed=true,operators.coreos.com/openshift-cert-manager-operator.cert-manager-operator="}
{"level":"debug","ts":"2026-05-21T19:48:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager-operator","object":"cert-manager-operator-controller-manager-metrics-service","kind":"Service","validation":"dangling-service","check_description":"Indicates when services do not have any associated deployments.","check_remediation":"Confirm that your service's selector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching service labels (map[control-plane:controller-manager])"}
{"level":"debug","ts":"2026-05-21T19:48:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"cert-manager-operator","object":"cert-manager-operator-controller-manager-metrics-service","kind":"Service","validation":"dangling-service","check_description":"Indicates when services do not have any associated deployments.","check_remediation":"Confirm that your service's selector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching service labels (map[control-plane:controller-manager])"}
{"level":"debug","ts":"2026-05-21T19:48:18Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager-operator","items":1,"labels":"olm.managed=true,operators.coreos.com/openshift-cert-manager-operator.cert-manager-operator="}
{"level":"debug","ts":"2026-05-21T19:48:18Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager-operator","items":1,"labels":"app.kubernetes.io/component=manager,app.kubernetes.io/created-by=cert-manager-operator,app.kubernetes.io/instance=controller-manager,app.kubernetes.io/managed-by=kustomize,app.kubernetes.io/name=deployment,app.kubernetes.io/part-of=cert-manager-operator,olm.deployment-spec-hash=3sswK1i6h95ceYyTm9Y8NTcnSqHLcsB2WsCSCq,olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=cert-manager-operator,olm.owner=cert-manager-operator.v1.19.0,operators.coreos.com/openshift-cert-manager-operator.cert-manager-operator="}
{"level":"debug","ts":"2026-05-21T19:48:18Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"cert-manager-operator"}
{"level":"debug","ts":"2026-05-21T19:48:18Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager-operator","items":1,"labels":"olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=cert-manager-operator,olm.owner=cert-manager-operator.v1.19.0,olm.permissions.hash=jFynzryran0Td5CUgJ3rwrkK6ZdYd35f5iILp,operators.coreos.com/openshift-cert-manager-operator.cert-manager-operator="}
{"level":"debug","ts":"2026-05-21T19:48:18Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager-operator","items":2,"labels":"olm.managed=true"}
{"level":"debug","ts":"2026-05-21T19:48:18Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager-operator","items":1,"labels":"olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=cert-manager-operator,olm.owner=cert-manager-operator.v1.19.0,olm.permissions.hash=5BvcE6aNRl1kjQ4qoZiC75uAhCACnLI6hzXqiT,operators.coreos.com/openshift-cert-manager-operator.cert-manager-operator="}
{"level":"info","ts":"2026-05-21T19:48:18Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-05-21T19:48:20Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"trusted-artifact-signer","items":5,"labels":"app.kubernetes.io/component=client-server,app.kubernetes.io/part-of=trusted-artifact-signer,pod-template-hash=7d56d9fd65"}
{"level":"debug","ts":"2026-05-21T19:48:20Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:48:20Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:48:20Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:48:20Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:48:20Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"cli-server\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:48:20Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"cli-server\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:48:20Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"cli-server\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:48:20Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"trusted-artifact-signer","items":5,"labels":"app.kubernetes.io/component=client-server,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:48:20Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:48:20Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:48:20Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:48:20Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:48:20Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"cli-server\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:48:20Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"cli-server\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:48:20Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"cli-server\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:48:20Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:48:20Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:48:20Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:48:20Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:48:20Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"cli-server\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:48:20Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"cli-server\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:48:20Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"trusted-artifact-signer","object":"cli-server","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"cli-server\" has memory limit 0"}
{"level":"info","ts":"2026-05-21T19:48:20Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
I0521 19:48:22.207472       1 request.go:752] "Waited before sending request" delay="1.880624486s" reason="client-side throttling, not priority and fairness" verb="GET" URL="https://172.30.0.1:443/apis/rbac.authorization.k8s.io/v1/namespaces/rhtpa-operator/rolebindings?continue=eyJ2IjoibWV0YS5rOHMuaW8vdjEiLCJydiI6MjE3MzEsInN0YXJ0IjoiL2RlZGljYXRlZC1hZG1pbnMtMVx1MDAwMCJ9&limit=5"
{"level":"info","ts":"2026-05-21T19:48:24Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-05-21T19:48:28Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"konflux-operator","items":1,"labels":"olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=konflux-operator,olm.owner=konflux-operator.v0.1.12,olm.permissions.hash=jFynzryran0Td5CUgJ3rwrkK6ZdYd35f5iILp,operators.coreos.com/konflux-operator.konflux-operator="}
{"level":"debug","ts":"2026-05-21T19:48:28Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"konflux-operator","items":1,"labels":"olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=konflux-operator,olm.owner=konflux-operator.v0.1.12,olm.permissions.hash=6VkYjWmwqEjnVGzheji50fOML3rUm81RARgZTo,operators.coreos.com/konflux-operator.konflux-operator="}
{"level":"debug","ts":"2026-05-21T19:48:28Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"konflux-operator","items":5,"labels":"app.kubernetes.io/name=konflux-operator,control-plane=controller-manager,pod-template-hash=5bf6d87b75"}
{"level":"debug","ts":"2026-05-21T19:48:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"konflux-operator","object":"konflux-operator-controller-manager","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:48:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"konflux-operator","object":"konflux-operator-controller-manager","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:48:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"konflux-operator","object":"konflux-operator-controller-manager","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:48:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"konflux-operator","object":"konflux-operator-controller-manager","kind":"Deployment","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"konflux-operator-controller-manager\" not found"}
{"level":"debug","ts":"2026-05-21T19:48:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"konflux-operator","object":"konflux-operator-controller-manager","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:48:28Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"konflux-operator","items":3,"labels":"app.kubernetes.io/managed-by=kustomize,app.kubernetes.io/name=konflux-operator,control-plane=controller-manager,olm.managed=true,operators.coreos.com/konflux-operator.konflux-operator="}
{"level":"debug","ts":"2026-05-21T19:48:28Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"konflux-operator"}
{"level":"debug","ts":"2026-05-21T19:48:28Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"konflux-operator","items":1,"labels":"olm.managed=true,operators.coreos.com/konflux-operator.konflux-operator="}
{"level":"debug","ts":"2026-05-21T19:48:28Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"konflux-operator","items":2,"labels":"app.kubernetes.io/managed-by=kustomize,app.kubernetes.io/name=konflux-operator,control-plane=controller-manager,olm.deployment-spec-hash=89feUewdEmmyMoWae71sVKb89hZ8OCO8vfIxce,olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=konflux-operator,olm.owner=konflux-operator.v0.1.12,operators.coreos.com/konflux-operator.konflux-operator="}
{"level":"debug","ts":"2026-05-21T19:48:28Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"konflux-operator"}
{"level":"debug","ts":"2026-05-21T19:48:28Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"konflux-operator","items":2,"labels":"olm.managed=true"}
{"level":"info","ts":"2026-05-21T19:48:28Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"info","ts":"2026-05-21T19:48:32Z","logger":"GenericReconciler","msg":"Reconciliation loop has ended"}
{"level":"info","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"Reconciliation loop has started"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"apiResource","no":1,"Group":"apps","Version":"v1","Kind":"StatefulSet"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"apiResource","no":2,"Group":"","Version":"v1","Kind":"Service"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"apiResource","no":3,"Group":"networking.k8s.io","Version":"v1","Kind":"Ingress"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"apiResource","no":4,"Group":"rbac.authorization.k8s.io","Version":"v1","Kind":"ClusterRoleBinding"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"apiResource","no":5,"Group":"rbac.authorization.k8s.io","Version":"v1","Kind":"Role"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"apiResource","no":6,"Group":"policy","Version":"v1","Kind":"PodDisruptionBudget"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"apiResource","no":7,"Group":"apps","Version":"v1","Kind":"Deployment"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"apiResource","no":8,"Group":"autoscaling","Version":"v1","Kind":"HorizontalPodAutoscaler"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"apiResource","no":9,"Group":"","Version":"v1","Kind":"ServiceAccount"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"apiResource","no":10,"Group":"networking.k8s.io","Version":"v1","Kind":"NetworkPolicy"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"apiResource","no":11,"Group":"rbac.authorization.k8s.io","Version":"v1","Kind":"ClusterRole"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"apiResource","no":12,"Group":"rbac.authorization.k8s.io","Version":"v1","Kind":"RoleBinding"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"apiResource","no":13,"Group":"","Version":"v1","Kind":"PersistentVolumeClaim"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"apiResource","no":14,"Group":"batch","Version":"v1","Kind":"CronJob"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"apiResource","no":15,"Group":"batch","Version":"v1","Kind":"Job"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"apiResource","no":16,"Group":"apps.openshift.io","Version":"v1","Kind":"DeploymentConfig"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"apiResource","no":17,"Group":"apps","Version":"v1","Kind":"ReplicaSet"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"apiResource","no":18,"Group":"","Version":"v1","Kind":"Pod"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"apiResource","no":19,"Group":"","Version":"v1","Kind":"ReplicationController"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"apiResource","no":20,"Group":"apps","Version":"v1","Kind":"DaemonSet"}
{"level":"info","ts":"2026-05-21T19:50:08Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":5,"labels":"control-plane=controller-manager,pod-template-hash=586cbb496b"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tpa"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":5,"labels":"app=tpa-pgsql-bee,phase=reference,pod-template-hash=5df6ff8bdf"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tpa"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":2,"labels":"app.kubernetes.io/managed-by=kustomize,app.kubernetes.io/name=rhtpa-operator,control-plane=controller-manager,olm.deployment-spec-hash=61NDiU2koxxLCzAl6gIAYLCVnf76UPkRYTqw81,olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=tsf-tpa,olm.owner=rhtpa-operator.v1.1.4,operators.coreos.com/rhtpa-operator.tsf-tpa="}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tpa"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":4,"labels":"olm.managed=true"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tpa"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":1,"labels":"olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=tsf-tpa,olm.owner=rhtpa-operator.v1.1.4,olm.permissions.hash=aFImzaN7XMTLc0qsAWHiSsv2PNOJPMjP0l04oA,operators.coreos.com/rhtpa-operator.tsf-tpa="}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tpa"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":3,"labels":"app.kubernetes.io/managed-by=kustomize,app.kubernetes.io/name=rhtpa-operator,control-plane=controller-manager,olm.managed=true,operators.coreos.com/rhtpa-operator.tsf-tpa="}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tpa"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":1,"labels":"olm.managed=true,operators.coreos.com/rhtpa-operator.tsf-tpa="}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tpa"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":1,"labels":"olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=tsf-tpa,olm.owner=rhtpa-operator.v1.1.4,olm.permissions.hash=89zmJTEa8x4dF5PYcd2jJAXBQdRMGCux5nsqKM,operators.coreos.com/rhtpa-operator.tsf-tpa="}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tpa"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":3,"labels":"app.kubernetes.io/managed-by=Helm"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tpa"}
{"level":"info","ts":"2026-05-21T19:50:08Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":2,"labels":"batch.kubernetes.io/controller-uid=ad34665a-667b-449f-a803-667cab849e9e,batch.kubernetes.io/job-name=ctlog-createtree-job-9h8k2,controller-uid=ad34665a-667b-449f-a803-667cab849e9e,job-name=ctlog-createtree-job-9h8k2"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"ctlog-createtree-job-9h8k2","kind":"Job","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"ctlog-createtree-job-9h8k2","kind":"Job","validation":"job-ttl-seconds-after-finished","check_description":"Indicates when standalone jobs do not set ttlSecondsAfterFinished and when jobs managed by cronjob do set ttlSecondsAfterFinished.","check_remediation":"Set Job.spec.ttlSecondsAfterFinished. Unset CronJob.Spec.JobTemplate.Spec.ttlSecondsAfterFinished.","check_failure_reason":"Standalone Job does not specify ttlSecondsAfterFinished"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"ctlog-createtree-job-9h8k2","kind":"Job","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"ctlog-createtree-job-9h8k2","kind":"Job","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"ctlog-createtree-job\" not found"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"ctlog-createtree-job-9h8k2","kind":"Job","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"ctlog-createtree-job-9h8k2","kind":"Job","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"createtree\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"ctlog-createtree-job-9h8k2","kind":"Job","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"createtree\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"ctlog-createtree-job-9h8k2","kind":"Job","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"createtree\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":2,"labels":"batch.kubernetes.io/controller-uid=18e28d6e-e122-4929-bbf9-ac1c797a9c70,batch.kubernetes.io/job-name=segment-backup-installation-qts55,controller-uid=18e28d6e-e122-4929-bbf9-ac1c797a9c70,job-name=segment-backup-installation-qts55"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"segment-backup-installation-qts55","kind":"Job","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"segment-backup-installation-qts55","kind":"Job","validation":"job-ttl-seconds-after-finished","check_description":"Indicates when standalone jobs do not set ttlSecondsAfterFinished and when jobs managed by cronjob do set ttlSecondsAfterFinished.","check_remediation":"Set Job.spec.ttlSecondsAfterFinished. Unset CronJob.Spec.JobTemplate.Spec.ttlSecondsAfterFinished.","check_failure_reason":"Standalone Job does not specify ttlSecondsAfterFinished"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"segment-backup-installation-qts55","kind":"Job","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"segment-backup-installation-qts55","kind":"Job","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"rhtas-segment-backup-job\" not found"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"segment-backup-installation-qts55","kind":"Job","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"segment-backup-installation-qts55","kind":"Job","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"segment-backup-installation\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"segment-backup-installation-qts55","kind":"Job","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"segment-backup-installation\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"segment-backup-installation-qts55","kind":"Job","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"segment-backup-installation\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":5,"labels":"app.kubernetes.io/component=trillian-logsigner,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=trillian-logsigner,app.kubernetes.io/part-of=trusted-artifact-signer,pod-template-hash=67c499f58f"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"wait-for-trillian-db\" is referring to an unknown secret \"trillian-db-connection-n6429\""}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"wait-for-trillian-db\" is referring to an unknown secret \"trillian-db-connection-n6429\""}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"trillian-logsigner\" is referring to an unknown secret \"trillian-db-connection-n6429\""}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"trillian-logsigner\" is referring to an unknown secret \"trillian-db-connection-n6429\""}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"trillian-logsigner\" is referring to an unknown secret \"trillian-db-connection-n6429\""}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"trillian-logsigner\" is referring to an unknown secret \"trillian-db-connection-n6429\""}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"trillian-logsigner\" is referring to an unknown secret \"trillian-db-connection-n6429\""}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"liveness-port","check_description":"Indicates when containers have a liveness probe to a not exposed port.","check_remediation":"Check which ports you've exposed and ensure they match what you have specified in the liveness probe.","check_failure_reason":"container \"trillian-logsigner\" does not expose port 8090 for the HTTPGet"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"trillian-logsigner\" not found"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"readiness-port","check_description":"Indicates when containers have a readiness probe to a not exposed port.","check_remediation":"Check which ports you've exposed and ensure they match what you have specified in the readiness probe.","check_failure_reason":"container \"trillian-logsigner\" does not expose port 8090 for the HTTPGet"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"wait-for-trillian-db\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"trillian-logsigner\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"wait-for-trillian-db\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"trillian-logsigner\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"wait-for-trillian-db\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"trillian-logsigner\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":5,"labels":"app.kubernetes.io/component=fulcio,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=fulcio-server,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"fulcio-server","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"fulcio-server","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"fulcio-server\" is referring to an unknown secret \"fulcio-cert-trusted-artifact-signer226p4\""}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"fulcio-server","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"fulcio-server","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"fulcio-server","kind":"Deployment","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"fulcio\" not found"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"fulcio-server","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"fulcio-server","kind":"Deployment","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"fulcio-server\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"fulcio-server","kind":"Deployment","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"fulcio-server\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"fulcio-server","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"fulcio-server\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"fulcio-server","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"fulcio-server","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"fulcio-server\" is referring to an unknown secret \"fulcio-cert-trusted-artifact-signer226p4\""}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"fulcio-server","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"fulcio-server","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"fulcio-server","kind":"Deployment","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"fulcio\" not found"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"fulcio-server","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"fulcio-server","kind":"Deployment","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"fulcio-server\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"fulcio-server","kind":"Deployment","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"fulcio-server\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"fulcio-server","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"fulcio-server\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":7,"labels":"app.kubernetes.io/component=trillian-logsigner,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=trillian-logsigner,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"wait-for-trillian-db\" is referring to an unknown secret \"trillian-db-connection-n6429\""}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"wait-for-trillian-db\" is referring to an unknown secret \"trillian-db-connection-n6429\""}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"trillian-logsigner\" is referring to an unknown secret \"trillian-db-connection-n6429\""}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"trillian-logsigner\" is referring to an unknown secret \"trillian-db-connection-n6429\""}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"trillian-logsigner\" is referring to an unknown secret \"trillian-db-connection-n6429\""}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"trillian-logsigner\" is referring to an unknown secret \"trillian-db-connection-n6429\""}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"trillian-logsigner\" is referring to an unknown secret \"trillian-db-connection-n6429\""}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"liveness-port","check_description":"Indicates when containers have a liveness probe to a not exposed port.","check_remediation":"Check which ports you've exposed and ensure they match what you have specified in the liveness probe.","check_failure_reason":"container \"trillian-logsigner\" does not expose port 8090 for the HTTPGet"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"readiness-port","check_description":"Indicates when containers have a readiness probe to a not exposed port.","check_remediation":"Check which ports you've exposed and ensure they match what you have specified in the readiness probe.","check_failure_reason":"container \"trillian-logsigner\" does not expose port 8090 for the HTTPGet"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"wait-for-trillian-db\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"trillian-logsigner\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"wait-for-trillian-db\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"trillian-logsigner\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"wait-for-trillian-db\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"trillian-logsigner\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"wait-for-trillian-db\" is referring to an unknown secret \"trillian-db-connection-n6429\""}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"wait-for-trillian-db\" is referring to an unknown secret \"trillian-db-connection-n6429\""}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"trillian-logsigner\" is referring to an unknown secret \"trillian-db-connection-n6429\""}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"trillian-logsigner\" is referring to an unknown secret \"trillian-db-connection-n6429\""}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"trillian-logsigner\" is referring to an unknown secret \"trillian-db-connection-n6429\""}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"trillian-logsigner\" is referring to an unknown secret \"trillian-db-connection-n6429\""}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"trillian-logsigner\" is referring to an unknown secret \"trillian-db-connection-n6429\""}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"liveness-port","check_description":"Indicates when containers have a liveness probe to a not exposed port.","check_remediation":"Check which ports you've exposed and ensure they match what you have specified in the liveness probe.","check_failure_reason":"container \"trillian-logsigner\" does not expose port 8090 for the HTTPGet"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"readiness-port","check_description":"Indicates when containers have a readiness probe to a not exposed port.","check_remediation":"Check which ports you've exposed and ensure they match what you have specified in the readiness probe.","check_failure_reason":"container \"trillian-logsigner\" does not expose port 8090 for the HTTPGet"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"wait-for-trillian-db\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"trillian-logsigner\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"wait-for-trillian-db\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"trillian-logsigner\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"wait-for-trillian-db\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logsigner","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"trillian-logsigner\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":5,"labels":"app.kubernetes.io/component=fulcio,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=fulcio-server,app.kubernetes.io/part-of=trusted-artifact-signer,pod-template-hash=84ffc7d87c"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"fulcio-server","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"fulcio-server","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"fulcio-server\" is referring to an unknown secret \"fulcio-cert-trusted-artifact-signer226p4\""}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"fulcio-server","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"fulcio-server","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"fulcio-server","kind":"Deployment","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"fulcio\" not found"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"fulcio-server","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"fulcio-server","kind":"Deployment","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"fulcio-server\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"fulcio-server","kind":"Deployment","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"fulcio-server\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":5,"labels":"app.kubernetes.io/component=trillian-db,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=trillian-db,app.kubernetes.io/part-of=trusted-artifact-signer,pod-template-hash=6856b5cb5b"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":4,"labels":"app.kubernetes.io/component=createtree,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=ctlog,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":1,"labels":"app.kubernetes.io/component=fulcio,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=fulcio,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":1,"labels":"app.kubernetes.io/component=backfill-redis,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=rekor-backfill,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":1,"labels":"app.kubernetes.io/component=rekor-redis,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=rekor-redis,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":1,"labels":"app.kubernetes.io/component=rekor-search-ui,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=rekor-ui,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":1,"labels":"app.kubernetes.io/component=segment-backup-installation,app.kubernetes.io/instance-namespace=tsf-tas,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=segment-backup-nightly-metrics,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":1,"labels":"app.kubernetes.io/component=rekor-server,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=rekor,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":6,"labels":"app.kubernetes.io/component=trillian-db,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=trillian-db,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":5,"labels":"app.kubernetes.io/component=trillian-logserver,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=trillian-logserver,app.kubernetes.io/part-of=trusted-artifact-signer,pod-template-hash=6ccd978ff4"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":5,"labels":"app.kubernetes.io/component=trillian-logserver,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=trillian-logserver,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"trillian-logserver","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"trillian-logserver\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":1,"labels":"app.kubernetes.io/component=segment-backup-installation,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=segment-backup-installation,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":2,"labels":"batch.kubernetes.io/controller-uid=72786fd8-d155-4ac5-9d87-12a809dee356,batch.kubernetes.io/job-name=rekor-createtree-job-4l8mc,controller-uid=72786fd8-d155-4ac5-9d87-12a809dee356,job-name=rekor-createtree-job-4l8mc"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":4,"labels":"app.kubernetes.io/component=createtree,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=rekor,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"info","ts":"2026-05-21T19:50:08Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager-operator","items":1,"labels":"olm.managed=true,operators.coreos.com/openshift-cert-manager-operator.cert-manager-operator="}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"cert-manager-operator"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager-operator","items":1,"labels":"app.kubernetes.io/component=manager,app.kubernetes.io/created-by=cert-manager-operator,app.kubernetes.io/instance=controller-manager,app.kubernetes.io/managed-by=kustomize,app.kubernetes.io/name=deployment,app.kubernetes.io/part-of=cert-manager-operator,olm.deployment-spec-hash=3sswK1i6h95ceYyTm9Y8NTcnSqHLcsB2WsCSCq,olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=cert-manager-operator,olm.owner=cert-manager-operator.v1.19.0,operators.coreos.com/openshift-cert-manager-operator.cert-manager-operator="}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"cert-manager-operator"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager-operator","items":1,"labels":"olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=cert-manager-operator,olm.owner=cert-manager-operator.v1.19.0,olm.permissions.hash=jFynzryran0Td5CUgJ3rwrkK6ZdYd35f5iILp,operators.coreos.com/openshift-cert-manager-operator.cert-manager-operator="}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"cert-manager-operator"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager-operator","items":2,"labels":"olm.managed=true"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"cert-manager-operator"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager-operator","items":1,"labels":"olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=cert-manager-operator,olm.owner=cert-manager-operator.v1.19.0,olm.permissions.hash=5BvcE6aNRl1kjQ4qoZiC75uAhCACnLI6hzXqiT,operators.coreos.com/openshift-cert-manager-operator.cert-manager-operator="}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"cert-manager-operator"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager-operator","items":4,"labels":"name=cert-manager-operator,pod-template-hash=5b66478c58"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"cert-manager-operator"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager-operator","items":2,"labels":"app.kubernetes.io/created-by=cert-manager-operator,app.kubernetes.io/instance=controller-manager-metrics-service,app.kubernetes.io/managed-by=kustomize,app.kubernetes.io/name=service,app.kubernetes.io/part-of=cert-manager-operator,control-plane=controller-manager,olm.managed=true,operators.coreos.com/openshift-cert-manager-operator.cert-manager-operator="}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"cert-manager-operator"}
{"level":"info","ts":"2026-05-21T19:50:08Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"trusted-artifact-signer","items":5,"labels":"app.kubernetes.io/component=client-server,app.kubernetes.io/part-of=trusted-artifact-signer,pod-template-hash=7d56d9fd65"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"trusted-artifact-signer","items":5,"labels":"app.kubernetes.io/component=client-server,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:50:08Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"trusted-artifact-signer"}
{"level":"info","ts":"2026-05-21T19:50:08Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"info","ts":"2026-05-21T19:50:08Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
I0521 19:50:10.216234       1 request.go:752] "Waited before sending request" delay="1.38141849s" reason="client-side throttling, not priority and fairness" verb="GET" URL="https://172.30.0.1:443/apis/rbac.authorization.k8s.io/v1/namespaces/konflux-operator/rolebindings?continue=eyJ2IjoibWV0YS5rOHMuaW8vdjEiLCJydiI6MjQyODEsInN0YXJ0IjoiL3BpcGVsaW5lcy1zY2Mtcm9sZWJpbmRpbmdcdTAwMDAifQ&limit=5"
{"level":"debug","ts":"2026-05-21T19:50:10Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"konflux-operator","items":3,"labels":"app.kubernetes.io/managed-by=kustomize,app.kubernetes.io/name=konflux-operator,control-plane=controller-manager,olm.managed=true,operators.coreos.com/konflux-operator.konflux-operator="}
{"level":"debug","ts":"2026-05-21T19:50:10Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"konflux-operator"}
{"level":"debug","ts":"2026-05-21T19:50:10Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"konflux-operator","items":1,"labels":"olm.managed=true,operators.coreos.com/konflux-operator.konflux-operator="}
{"level":"debug","ts":"2026-05-21T19:50:10Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"konflux-operator"}
{"level":"debug","ts":"2026-05-21T19:50:10Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"konflux-operator","items":2,"labels":"app.kubernetes.io/managed-by=kustomize,app.kubernetes.io/name=konflux-operator,control-plane=controller-manager,olm.deployment-spec-hash=89feUewdEmmyMoWae71sVKb89hZ8OCO8vfIxce,olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=konflux-operator,olm.owner=konflux-operator.v0.1.12,operators.coreos.com/konflux-operator.konflux-operator="}
{"level":"debug","ts":"2026-05-21T19:50:10Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"konflux-operator"}
{"level":"debug","ts":"2026-05-21T19:50:10Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"konflux-operator","items":2,"labels":"olm.managed=true"}
{"level":"debug","ts":"2026-05-21T19:50:10Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"konflux-operator"}
{"level":"debug","ts":"2026-05-21T19:50:10Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"konflux-operator","items":1,"labels":"olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=konflux-operator,olm.owner=konflux-operator.v0.1.12,olm.permissions.hash=jFynzryran0Td5CUgJ3rwrkK6ZdYd35f5iILp,operators.coreos.com/konflux-operator.konflux-operator="}
{"level":"debug","ts":"2026-05-21T19:50:10Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"konflux-operator"}
{"level":"debug","ts":"2026-05-21T19:50:10Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"konflux-operator","items":1,"labels":"olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=konflux-operator,olm.owner=konflux-operator.v0.1.12,olm.permissions.hash=6VkYjWmwqEjnVGzheji50fOML3rUm81RARgZTo,operators.coreos.com/konflux-operator.konflux-operator="}
{"level":"debug","ts":"2026-05-21T19:50:10Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"konflux-operator"}
{"level":"debug","ts":"2026-05-21T19:50:10Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"konflux-operator","items":5,"labels":"app.kubernetes.io/name=konflux-operator,control-plane=controller-manager,pod-template-hash=5bf6d87b75"}
{"level":"debug","ts":"2026-05-21T19:50:10Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"konflux-operator"}
{"level":"info","ts":"2026-05-21T19:50:10Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"info","ts":"2026-05-21T19:50:14Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-05-21T19:50:18Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf","items":3,"labels":"batch.kubernetes.io/controller-uid=db7e22cb-f0f5-4286-839a-cfb515374236,batch.kubernetes.io/job-name=patch-tekton-config,controller-uid=db7e22cb-f0f5-4286-839a-cfb515374236,job-name=patch-tekton-config"}
{"level":"debug","ts":"2026-05-21T19:50:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"patch-tekton-config","kind":"Job","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:50:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"patch-tekton-config","kind":"Job","validation":"job-ttl-seconds-after-finished","check_description":"Indicates when standalone jobs do not set ttlSecondsAfterFinished and when jobs managed by cronjob do set ttlSecondsAfterFinished.","check_remediation":"Set Job.spec.ttlSecondsAfterFinished. Unset CronJob.Spec.JobTemplate.Spec.ttlSecondsAfterFinished.","check_failure_reason":"Standalone Job does not specify ttlSecondsAfterFinished"}
{"level":"debug","ts":"2026-05-21T19:50:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"patch-tekton-config","kind":"Job","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:50:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"patch-tekton-config","kind":"Job","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"patch-tekton-config-sa\" not found"}
{"level":"debug","ts":"2026-05-21T19:50:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"patch-tekton-config","kind":"Job","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:50:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"patch-tekton-config","kind":"Job","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"patch-tekton-config\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:50:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"patch-tekton-config","kind":"Job","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:50:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"patch-tekton-config","kind":"Job","validation":"job-ttl-seconds-after-finished","check_description":"Indicates when standalone jobs do not set ttlSecondsAfterFinished and when jobs managed by cronjob do set ttlSecondsAfterFinished.","check_remediation":"Set Job.spec.ttlSecondsAfterFinished. Unset CronJob.Spec.JobTemplate.Spec.ttlSecondsAfterFinished.","check_failure_reason":"Standalone Job does not specify ttlSecondsAfterFinished"}
{"level":"debug","ts":"2026-05-21T19:50:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"patch-tekton-config","kind":"Job","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:50:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"patch-tekton-config","kind":"Job","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"patch-tekton-config-sa\" not found"}
{"level":"debug","ts":"2026-05-21T19:50:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"patch-tekton-config","kind":"Job","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:50:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"patch-tekton-config","kind":"Job","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"patch-tekton-config\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:50:18Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf","items":2,"labels":"batch.kubernetes.io/controller-uid=4f2006ba-717d-48d0-8f99-229593ea8e4e,batch.kubernetes.io/job-name=tsf-tekton-configuration,controller-uid=4f2006ba-717d-48d0-8f99-229593ea8e4e,job-name=tsf-tekton-configuration"}
{"level":"debug","ts":"2026-05-21T19:50:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"tsf-tekton-configuration","kind":"Job","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:50:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"tsf-tekton-configuration","kind":"Job","validation":"job-ttl-seconds-after-finished","check_description":"Indicates when standalone jobs do not set ttlSecondsAfterFinished and when jobs managed by cronjob do set ttlSecondsAfterFinished.","check_remediation":"Set Job.spec.ttlSecondsAfterFinished. Unset CronJob.Spec.JobTemplate.Spec.ttlSecondsAfterFinished.","check_failure_reason":"Standalone Job does not specify ttlSecondsAfterFinished"}
{"level":"debug","ts":"2026-05-21T19:50:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"tsf-tekton-configuration","kind":"Job","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:50:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"tsf-tekton-configuration","kind":"Job","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"tsf-pipelines\" not found"}
{"level":"debug","ts":"2026-05-21T19:50:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"tsf-tekton-configuration","kind":"Job","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:50:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"tsf-tekton-configuration","kind":"Job","validation":"restart-policy","check_description":"Indicates when a deployment-like object does not use a restart policy","check_remediation":"Set up the restart policy for your object to 'Always' or 'OnFailure' to increase the fault tolerance.","check_failure_reason":"object has a restart policy defined with 'Never' but the only accepted restart policies are '[Always OnFailure]'"}
{"level":"debug","ts":"2026-05-21T19:50:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"tsf-tekton-configuration","kind":"Job","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"tekton-chains-cosign\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:50:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"tsf-tekton-configuration","kind":"Job","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"tekton-chains-cosign\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:50:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"tsf-tekton-configuration","kind":"Job","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"tekton-chains-cosign\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:50:18Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf","items":3,"labels":"app.kubernetes.io/managed-by=Helm,helmet.redhat-appstudio.github.com/post-deploy=delete"}
{"level":"debug","ts":"2026-05-21T19:50:18Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf","items":1,"labels":"app.kubernetes.io/instance=tsf-pipelines,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=tsf-pipelines,app.kubernetes.io/version=1.20,helm.sh/chart=tsf-pipelines-0.1.0"}
{"level":"debug","ts":"2026-05-21T19:50:18Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf"}
{"level":"info","ts":"2026-05-21T19:50:18Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
I0521 19:50:20.216548       1 request.go:752] "Waited before sending request" delay="1.87926509s" reason="client-side throttling, not priority and fairness" verb="GET" URL="https://172.30.0.1:443/apis/rbac.authorization.k8s.io/v1/namespaces/rhbk-operator/rolebindings?continue=eyJ2IjoibWV0YS5rOHMuaW8vdjEiLCJydiI6MjQ1MjEsInN0YXJ0IjoiL2RlZGljYXRlZC1hZG1pbnMtMVx1MDAwMCJ9&limit=5"
{"level":"debug","ts":"2026-05-21T19:50:22Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"rhbk-operator","items":2,"labels":"olm.managed=true"}
{"level":"debug","ts":"2026-05-21T19:50:22Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"rhbk-operator"}
{"level":"debug","ts":"2026-05-21T19:50:22Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"rhbk-operator","items":1,"labels":"olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=rhbk-operator,olm.owner=rhbk-operator.v26.4.12-opr.1,olm.permissions.hash=abaw0uIHc78kEtsrZCh8UYCMjDwlvGAGG65tud,operators.coreos.com/rhbk-operator.rhbk-operator="}
{"level":"debug","ts":"2026-05-21T19:50:22Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"rhbk-operator"}
{"level":"debug","ts":"2026-05-21T19:50:22Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"rhbk-operator","items":4,"labels":"name=rhbk-operator,pod-template-hash=6fc7dbc666"}
{"level":"debug","ts":"2026-05-21T19:50:22Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"rhbk-operator"}
{"level":"debug","ts":"2026-05-21T19:50:22Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"rhbk-operator","items":1,"labels":"olm.managed=true,operators.coreos.com/rhbk-operator.rhbk-operator="}
{"level":"debug","ts":"2026-05-21T19:50:22Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"rhbk-operator"}
{"level":"debug","ts":"2026-05-21T19:50:22Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"rhbk-operator","items":1,"labels":"olm.deployment-spec-hash=ajtCPjdTLog74BPXdcauP7Cyqs94S6711y20k7,olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=rhbk-operator,olm.owner=rhbk-operator.v26.4.12-opr.1,operators.coreos.com/rhbk-operator.rhbk-operator="}
{"level":"debug","ts":"2026-05-21T19:50:22Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"rhbk-operator"}
{"level":"debug","ts":"2026-05-21T19:50:22Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"rhbk-operator","items":1,"labels":"olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=rhbk-operator,olm.owner=rhbk-operator.v26.4.12-opr.1,olm.permissions.hash=4O0tiObYrrFrlUWdzQmHj2sVWezFneLyYDCeOp,operators.coreos.com/rhbk-operator.rhbk-operator="}
{"level":"debug","ts":"2026-05-21T19:50:22Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"rhbk-operator"}
{"level":"info","ts":"2026-05-21T19:50:22Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-05-21T19:50:24Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"open-cluster-management-2qegn84g18ids9l2o4klqb2qr2p2km0b","items":2,"labels":"open-cluster-management.io/created-by-klusterlet=klusterlet-2qegn84g18ids9l2o4klqb2qr2p2km0b"}
{"level":"debug","ts":"2026-05-21T19:50:24Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"open-cluster-management-2qegn84g18ids9l2o4klqb2qr2p2km0b"}
{"level":"info","ts":"2026-05-21T19:50:24Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-keycloak","items":8,"labels":"app.kubernetes.io/instance=keycloak,app.kubernetes.io/managed-by=keycloak-operator,app=keycloak"}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak","kind":"StatefulSet","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak","kind":"StatefulSet","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"keycloak\" is referring to an unknown secret \"keycloak-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak","kind":"StatefulSet","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"keycloak\" is referring to an unknown secret \"keycloak-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak","kind":"StatefulSet","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"keycloak\" is referring to an unknown secret \"keycloak-initial-admin\""}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak","kind":"StatefulSet","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"keycloak\" is referring to an unknown secret \"keycloak-initial-admin\""}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak","kind":"StatefulSet","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak","kind":"StatefulSet","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak","kind":"StatefulSet","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"keycloak\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak","kind":"StatefulSet","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"keycloak\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak","kind":"StatefulSet","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak","kind":"StatefulSet","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"keycloak\" is referring to an unknown secret \"keycloak-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak","kind":"StatefulSet","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"keycloak\" is referring to an unknown secret \"keycloak-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak","kind":"StatefulSet","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"keycloak\" is referring to an unknown secret \"keycloak-initial-admin\""}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak","kind":"StatefulSet","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"keycloak\" is referring to an unknown secret \"keycloak-initial-admin\""}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak","kind":"StatefulSet","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak","kind":"StatefulSet","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak","kind":"StatefulSet","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"keycloak\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak","kind":"StatefulSet","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"keycloak\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-keycloak","items":1,"labels":"app.kubernetes.io/instance=tsf-iam,app.kubernetes.io/managed-by=keycloak-operator,app=keycloak"}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"tsf-iam","kind":"Job","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"tsf-iam","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"keycloak\" is referring to an unknown secret \"keycloak-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"tsf-iam","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"keycloak\" is referring to an unknown secret \"keycloak-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"tsf-iam","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"keycloak\" is referring to an unknown secret \"keycloak-initial-admin\""}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"tsf-iam","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"keycloak\" is referring to an unknown secret \"keycloak-initial-admin\""}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"tsf-iam","kind":"Job","validation":"job-ttl-seconds-after-finished","check_description":"Indicates when standalone jobs do not set ttlSecondsAfterFinished and when jobs managed by cronjob do set ttlSecondsAfterFinished.","check_remediation":"Set Job.spec.ttlSecondsAfterFinished. Unset CronJob.Spec.JobTemplate.Spec.ttlSecondsAfterFinished.","check_failure_reason":"Standalone Job does not specify ttlSecondsAfterFinished"}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"tsf-iam","kind":"Job","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"tsf-iam","kind":"Job","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"tsf-iam","kind":"Job","validation":"restart-policy","check_description":"Indicates when a deployment-like object does not use a restart policy","check_remediation":"Set up the restart policy for your object to 'Always' or 'OnFailure' to increase the fault tolerance.","check_failure_reason":"object has a restart policy defined with 'Never' but the only accepted restart policies are '[Always OnFailure]'"}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"tsf-iam","kind":"Job","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"keycloak\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"tsf-iam","kind":"Job","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"keycloak\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-keycloak","items":1,"labels":"olm.copiedFrom=rhbk-operator,olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=tsf-keycloak,olm.owner=rhbk-operator.v26.4.12-opr.1,olm.permissions.hash=4O0tiObYrrFrlUWdzQmHj2sVWezFneLyYDCeOp,operators.coreos.com/rhbk-operator.rhbk-operator="}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-keycloak"}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-keycloak","items":1,"labels":"olm.copiedFrom=rhbk-operator,olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=tsf-keycloak,olm.owner=rhbk-operator.v26.4.12-opr.1,olm.permissions.hash=abaw0uIHc78kEtsrZCh8UYCMjDwlvGAGG65tud,operators.coreos.com/rhbk-operator.rhbk-operator="}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-keycloak"}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-keycloak","items":4,"labels":"app.kubernetes.io/managed-by=Helm"}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak","kind":"Service","validation":"dangling-service","check_description":"Indicates when services do not have any associated deployments.","check_remediation":"Confirm that your service's selector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching service labels (map[app:keycloak app.kubernetes.io/instance:keycloak app.kubernetes.io/managed-by:keycloak-operator])"}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak-pgsql-bee","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak-pgsql-bee","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"pgsql-bee\" is referring to an unknown secret \"keycloak-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak-pgsql-bee","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"pgsql-bee\" is referring to an unknown secret \"keycloak-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak-pgsql-bee","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"pgsql-bee\" is referring to an unknown secret \"keycloak-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak-pgsql-bee","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak-pgsql-bee","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak-pgsql-bee","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-keycloak","items":6,"labels":"app.kubernetes.io/component=server,app.kubernetes.io/instance=keycloak,app.kubernetes.io/managed-by=keycloak-operator,app=keycloak,apps.kubernetes.io/pod-index=0,controller-revision-hash=keycloak-5f9545f4d8,statefulset.kubernetes.io/pod-name=keycloak-0"}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak","kind":"StatefulSet","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak","kind":"StatefulSet","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"keycloak\" is referring to an unknown secret \"keycloak-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak","kind":"StatefulSet","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"keycloak\" is referring to an unknown secret \"keycloak-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak","kind":"StatefulSet","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"keycloak\" is referring to an unknown secret \"keycloak-initial-admin\""}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak","kind":"StatefulSet","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"keycloak\" is referring to an unknown secret \"keycloak-initial-admin\""}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak","kind":"StatefulSet","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak","kind":"StatefulSet","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak","kind":"StatefulSet","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"keycloak\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak","kind":"StatefulSet","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"keycloak\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-keycloak","items":5,"labels":"app=keycloak-pgsql-bee,phase=reference,pod-template-hash=744f6fc4d9"}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak-pgsql-bee","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak-pgsql-bee","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"pgsql-bee\" is referring to an unknown secret \"keycloak-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak-pgsql-bee","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"pgsql-bee\" is referring to an unknown secret \"keycloak-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak-pgsql-bee","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"pgsql-bee\" is referring to an unknown secret \"keycloak-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak-pgsql-bee","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak-pgsql-bee","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"keycloak-pgsql-bee","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-keycloak","items":2,"labels":"app.kubernetes.io/component=server,app.kubernetes.io/instance=keycloak,app.kubernetes.io/managed-by=keycloak-operator,app=keycloak-realm-import,batch.kubernetes.io/controller-uid=53b6c327-e803-4ff1-949d-0a18cc2679c7,batch.kubernetes.io/job-name=tsf-iam,controller-uid=53b6c327-e803-4ff1-949d-0a18cc2679c7,job-name=tsf-iam"}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"tsf-iam","kind":"Job","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"tsf-iam","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"keycloak\" is referring to an unknown secret \"keycloak-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"tsf-iam","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"keycloak\" is referring to an unknown secret \"keycloak-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"tsf-iam","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"keycloak\" is referring to an unknown secret \"keycloak-initial-admin\""}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"tsf-iam","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"keycloak\" is referring to an unknown secret \"keycloak-initial-admin\""}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"tsf-iam","kind":"Job","validation":"job-ttl-seconds-after-finished","check_description":"Indicates when standalone jobs do not set ttlSecondsAfterFinished and when jobs managed by cronjob do set ttlSecondsAfterFinished.","check_remediation":"Set Job.spec.ttlSecondsAfterFinished. Unset CronJob.Spec.JobTemplate.Spec.ttlSecondsAfterFinished.","check_failure_reason":"Standalone Job does not specify ttlSecondsAfterFinished"}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"tsf-iam","kind":"Job","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"tsf-iam","kind":"Job","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"tsf-iam","kind":"Job","validation":"restart-policy","check_description":"Indicates when a deployment-like object does not use a restart policy","check_remediation":"Set up the restart policy for your object to 'Always' or 'OnFailure' to increase the fault tolerance.","check_failure_reason":"object has a restart policy defined with 'Never' but the only accepted restart policies are '[Always OnFailure]'"}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"tsf-iam","kind":"Job","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"keycloak\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:50:28Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-keycloak","object":"tsf-iam","kind":"Job","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"keycloak\" has cpu request 0"}
{"level":"info","ts":"2026-05-21T19:50:28Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
I0521 19:50:32.217022       1 request.go:752] "Waited before sending request" delay="1.997051492s" reason="client-side throttling, not priority and fairness" verb="GET" URL="https://172.30.0.1:443/apis/rbac.authorization.k8s.io/v1/namespaces/cert-manager/rolebindings?continue=eyJ2IjoibWV0YS5rOHMuaW8vdjEiLCJydiI6MjQ3NzYsInN0YXJ0IjoiL3N5c3RlbTpkZXBsb3llcnNcdTAwMDAifQ&limit=5"
{"level":"debug","ts":"2026-05-21T19:50:32Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager","items":5,"labels":"app.kubernetes.io/component=cainjector,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cainjector,app.kubernetes.io/version=v1.19.4,app=cainjector,pod-template-hash=5d99449ffd"}
{"level":"debug","ts":"2026-05-21T19:50:32Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"cert-manager"}
{"level":"debug","ts":"2026-05-21T19:50:32Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager","items":5,"labels":"app.kubernetes.io/component=webhook,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=webhook,app.kubernetes.io/version=v1.19.4,app=webhook,pod-template-hash=7dc76cbb94"}
{"level":"debug","ts":"2026-05-21T19:50:32Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"cert-manager"}
{"level":"debug","ts":"2026-05-21T19:50:32Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager","items":7,"labels":"app.kubernetes.io/component=controller,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cert-manager,app.kubernetes.io/version=v1.19.4,app=cert-manager"}
{"level":"debug","ts":"2026-05-21T19:50:32Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"cert-manager"}
{"level":"debug","ts":"2026-05-21T19:50:32Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager","items":5,"labels":"app.kubernetes.io/component=cainjector,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cainjector,app.kubernetes.io/version=v1.19.4,app=cainjector"}
{"level":"debug","ts":"2026-05-21T19:50:32Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"cert-manager"}
{"level":"debug","ts":"2026-05-21T19:50:32Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager","items":7,"labels":"app.kubernetes.io/component=webhook,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=webhook,app.kubernetes.io/version=v1.19.4,app=webhook"}
{"level":"debug","ts":"2026-05-21T19:50:32Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"cert-manager"}
{"level":"debug","ts":"2026-05-21T19:50:32Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager","items":5,"labels":"app.kubernetes.io/component=controller,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cert-manager,app.kubernetes.io/version=v1.19.4,app=cert-manager,pod-template-hash=59c77684cc"}
{"level":"debug","ts":"2026-05-21T19:50:32Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"cert-manager"}
{"level":"info","ts":"2026-05-21T19:50:32Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"info","ts":"2026-05-21T19:50:34Z","logger":"GenericReconciler","msg":"Reconciliation loop has ended"}
{"level":"info","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"Reconciliation loop has started"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"apiResource","no":1,"Group":"apps","Version":"v1","Kind":"StatefulSet"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"apiResource","no":2,"Group":"","Version":"v1","Kind":"Service"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"apiResource","no":3,"Group":"networking.k8s.io","Version":"v1","Kind":"Ingress"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"apiResource","no":4,"Group":"rbac.authorization.k8s.io","Version":"v1","Kind":"ClusterRoleBinding"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"apiResource","no":5,"Group":"rbac.authorization.k8s.io","Version":"v1","Kind":"Role"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"apiResource","no":6,"Group":"policy","Version":"v1","Kind":"PodDisruptionBudget"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"apiResource","no":7,"Group":"apps","Version":"v1","Kind":"Deployment"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"apiResource","no":8,"Group":"autoscaling","Version":"v1","Kind":"HorizontalPodAutoscaler"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"apiResource","no":9,"Group":"","Version":"v1","Kind":"ServiceAccount"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"apiResource","no":10,"Group":"networking.k8s.io","Version":"v1","Kind":"NetworkPolicy"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"apiResource","no":11,"Group":"rbac.authorization.k8s.io","Version":"v1","Kind":"ClusterRole"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"apiResource","no":12,"Group":"rbac.authorization.k8s.io","Version":"v1","Kind":"RoleBinding"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"apiResource","no":13,"Group":"","Version":"v1","Kind":"PersistentVolumeClaim"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"apiResource","no":14,"Group":"batch","Version":"v1","Kind":"CronJob"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"apiResource","no":15,"Group":"batch","Version":"v1","Kind":"Job"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"apiResource","no":16,"Group":"apps.openshift.io","Version":"v1","Kind":"DeploymentConfig"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"apiResource","no":17,"Group":"apps","Version":"v1","Kind":"ReplicaSet"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"apiResource","no":18,"Group":"","Version":"v1","Kind":"Pod"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"apiResource","no":19,"Group":"","Version":"v1","Kind":"ReplicationController"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"apiResource","no":20,"Group":"apps","Version":"v1","Kind":"DaemonSet"}
{"level":"info","ts":"2026-05-21T19:52:08Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-keycloak","items":8,"labels":"app.kubernetes.io/instance=keycloak,app.kubernetes.io/managed-by=keycloak-operator,app=keycloak"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-keycloak"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-keycloak","items":1,"labels":"app.kubernetes.io/instance=tsf-iam,app.kubernetes.io/managed-by=keycloak-operator,app=keycloak"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-keycloak"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-keycloak","items":1,"labels":"olm.copiedFrom=rhbk-operator,olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=tsf-keycloak,olm.owner=rhbk-operator.v26.4.12-opr.1,olm.permissions.hash=4O0tiObYrrFrlUWdzQmHj2sVWezFneLyYDCeOp,operators.coreos.com/rhbk-operator.rhbk-operator="}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-keycloak"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-keycloak","items":1,"labels":"olm.copiedFrom=rhbk-operator,olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=tsf-keycloak,olm.owner=rhbk-operator.v26.4.12-opr.1,olm.permissions.hash=abaw0uIHc78kEtsrZCh8UYCMjDwlvGAGG65tud,operators.coreos.com/rhbk-operator.rhbk-operator="}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-keycloak"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-keycloak","items":4,"labels":"app.kubernetes.io/managed-by=Helm"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-keycloak"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-keycloak","items":6,"labels":"app.kubernetes.io/component=server,app.kubernetes.io/instance=keycloak,app.kubernetes.io/managed-by=keycloak-operator,app=keycloak,apps.kubernetes.io/pod-index=0,controller-revision-hash=keycloak-5f9545f4d8,statefulset.kubernetes.io/pod-name=keycloak-0"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-keycloak"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-keycloak","items":5,"labels":"app=keycloak-pgsql-bee,phase=reference,pod-template-hash=744f6fc4d9"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-keycloak"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-keycloak","items":2,"labels":"app.kubernetes.io/component=server,app.kubernetes.io/instance=keycloak,app.kubernetes.io/managed-by=keycloak-operator,app=keycloak-realm-import,batch.kubernetes.io/controller-uid=53b6c327-e803-4ff1-949d-0a18cc2679c7,batch.kubernetes.io/job-name=tsf-iam,controller-uid=53b6c327-e803-4ff1-949d-0a18cc2679c7,job-name=tsf-iam"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-keycloak"}
{"level":"info","ts":"2026-05-21T19:52:08Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager","items":5,"labels":"app.kubernetes.io/component=webhook,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=webhook,app.kubernetes.io/version=v1.19.4,app=webhook,pod-template-hash=7dc76cbb94"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"cert-manager"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager","items":7,"labels":"app.kubernetes.io/component=controller,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cert-manager,app.kubernetes.io/version=v1.19.4,app=cert-manager"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"cert-manager"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager","items":5,"labels":"app.kubernetes.io/component=cainjector,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cainjector,app.kubernetes.io/version=v1.19.4,app=cainjector"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"cert-manager"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager","items":7,"labels":"app.kubernetes.io/component=webhook,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=webhook,app.kubernetes.io/version=v1.19.4,app=webhook"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"cert-manager"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager","items":5,"labels":"app.kubernetes.io/component=controller,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cert-manager,app.kubernetes.io/version=v1.19.4,app=cert-manager,pod-template-hash=59c77684cc"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"cert-manager"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager","items":5,"labels":"app.kubernetes.io/component=cainjector,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cainjector,app.kubernetes.io/version=v1.19.4,app=cainjector,pod-template-hash=5d99449ffd"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"cert-manager"}
{"level":"info","ts":"2026-05-21T19:52:08Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"info","ts":"2026-05-21T19:52:08Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"integration-service","items":5,"labels":"control-plane=controller-manager,konflux.konflux-ci.dev/component=integration,konflux.konflux-ci.dev/owner=konflux-integration-service"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"integration-service","object":"integration-service-controller-manager","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"integration-service","object":"integration-service-controller-manager","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"integration-service","object":"integration-service-controller-manager","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"integration-service","object":"integration-service-controller-manager","kind":"Deployment","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"integration-service-controller-manager\" not found"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"integration-service","object":"integration-service-controller-manager","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"integration-service","object":"integration-service-controller-manager","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"integration-service","object":"integration-service-controller-manager","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"integration-service","object":"integration-service-controller-manager","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"integration-service","object":"integration-service-controller-manager","kind":"Deployment","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"integration-service-controller-manager\" not found"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"integration-service","object":"integration-service-controller-manager","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"integration-service","items":1,"labels":"app.kubernetes.io/component=webhook,app.kubernetes.io/created-by=integration-service,app.kubernetes.io/instance=webhook-service,app.kubernetes.io/managed-by=kustomize,app.kubernetes.io/name=service,app.kubernetes.io/part-of=integration-service,konflux.konflux-ci.dev/component=integration,konflux.konflux-ci.dev/owner=konflux-integration-service"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"integration-service"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"integration-service","items":5,"labels":"konflux.konflux-ci.dev/component=integration,konflux.konflux-ci.dev/owner=konflux-integration-service"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"integration-service","object":"integration-service-snapshot-garbage-collector","kind":"CronJob","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"integration-service","object":"integration-service-snapshot-garbage-collector","kind":"CronJob","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"integration-service","object":"integration-service-snapshot-garbage-collector","kind":"CronJob","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"integration-service","object":"integration-service-snapshot-garbage-collector","kind":"CronJob","validation":"restart-policy","check_description":"Indicates when a deployment-like object does not use a restart policy","check_remediation":"Set up the restart policy for your object to 'Always' or 'OnFailure' to increase the fault tolerance.","check_failure_reason":"object has a restart policy defined with 'Never' but the only accepted restart policies are '[Always OnFailure]'"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"integration-service","items":2,"labels":"control-plane=controller-manager,pod-template-hash=7b666bf6d8"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"integration-service","items":6,"labels":"control-plane=controller-manager,pod-template-hash=86bd4fdd64"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"integration-service","object":"integration-service-controller-manager","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"integration-service","object":"integration-service-controller-manager","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"integration-service","object":"integration-service-controller-manager","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"integration-service","object":"integration-service-controller-manager","kind":"Deployment","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"integration-service-controller-manager\" not found"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"integration-service","object":"integration-service-controller-manager","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"info","ts":"2026-05-21T19:52:08Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"image-controller","items":5,"labels":"control-plane=controller-manager,pod-template-hash=6f859968fc"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"image-controller","object":"image-controller-controller-manager","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"image-controller","object":"image-controller-controller-manager","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"image-controller","object":"image-controller-controller-manager","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"image-controller","object":"image-controller-controller-manager","kind":"Deployment","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"image-controller-controller-manager\" not found"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"image-controller","object":"image-controller-controller-manager","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"image-controller","items":4,"labels":"app.kubernetes.io/managed-by=kustomize,app.kubernetes.io/name=image-controller,control-plane=controller-manager,konflux.konflux-ci.dev/component=image-controller,konflux.konflux-ci.dev/owner=konflux-image-controller"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"image-controller"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"image-controller","items":3,"labels":"app.kubernetes.io/managed-by=kustomize,app.kubernetes.io/name=image-controller,konflux.konflux-ci.dev/component=image-controller,konflux.konflux-ci.dev/owner=konflux-image-controller"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"image-controller","items":2,"labels":"konflux.konflux-ci.dev/component=image-controller,konflux.konflux-ci.dev/owner=konflux-image-controller"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"image-controller","object":"image-controller-image-pruner-cronjob","kind":"CronJob","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"image-controller","object":"image-controller-image-pruner-cronjob","kind":"CronJob","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"image-pruner\" is referring to an unknown secret \"quaytoken\""}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"image-controller","object":"image-controller-image-pruner-cronjob","kind":"CronJob","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"image-pruner\" is referring to an unknown secret \"quaytoken\""}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"image-controller","object":"image-controller-image-pruner-cronjob","kind":"CronJob","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"image-controller","object":"image-controller-image-pruner-cronjob","kind":"CronJob","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"image-controller","object":"image-controller-notification-resetter-cronjob","kind":"CronJob","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"image-controller","object":"image-controller-notification-resetter-cronjob","kind":"CronJob","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"notification-resetter\" is referring to an unknown secret \"quaytoken\""}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"image-controller","object":"image-controller-notification-resetter-cronjob","kind":"CronJob","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"notification-resetter\" is referring to an unknown secret \"quaytoken\""}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"image-controller","object":"image-controller-notification-resetter-cronjob","kind":"CronJob","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:52:08Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"image-controller","object":"image-controller-notification-resetter-cronjob","kind":"CronJob","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"info","ts":"2026-05-21T19:52:08Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
I0521 19:52:10.222513       1 request.go:752] "Waited before sending request" delay="1.37824882s" reason="client-side throttling, not priority and fairness" verb="GET" URL="https://172.30.0.1:443/apis/rbac.authorization.k8s.io/v1/namespaces/build-service/rolebindings?continue=eyJ2IjoibWV0YS5rOHMuaW8vdjEiLCJydiI6Mjc4ODQsInN0YXJ0IjoiL3N5c3RlbTpkZXBsb3llcnNcdTAwMDAifQ&limit=5"
{"level":"debug","ts":"2026-05-21T19:52:10Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"build-service","items":3,"labels":"app.kubernetes.io/managed-by=kustomize,app.kubernetes.io/name=build-service,konflux.konflux-ci.dev/component=build-service,konflux.konflux-ci.dev/owner=konflux-build-service"}
{"level":"debug","ts":"2026-05-21T19:52:10Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"build-service","items":2,"labels":"konflux.konflux-ci.dev/component=build-service,konflux.konflux-ci.dev/owner=konflux-build-service"}
{"level":"debug","ts":"2026-05-21T19:52:10Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"build-service","items":5,"labels":"control-plane=controller-manager,pod-template-hash=7cbf488fcf"}
{"level":"debug","ts":"2026-05-21T19:52:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"build-service","object":"build-service-controller-manager","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:52:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"build-service","object":"build-service-controller-manager","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:52:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"build-service","object":"build-service-controller-manager","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:52:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"build-service","object":"build-service-controller-manager","kind":"Deployment","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"build-service-controller-manager\" not found"}
{"level":"debug","ts":"2026-05-21T19:52:10Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"build-service","object":"build-service-controller-manager","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:52:10Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"build-service","items":4,"labels":"app.kubernetes.io/managed-by=kustomize,app.kubernetes.io/name=build-service,control-plane=controller-manager,konflux.konflux-ci.dev/component=build-service,konflux.konflux-ci.dev/owner=konflux-build-service"}
{"level":"debug","ts":"2026-05-21T19:52:10Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"build-service"}
{"level":"info","ts":"2026-05-21T19:52:10Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-05-21T19:52:14Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"release-service","items":6,"labels":"control-plane=controller-manager,pod-template-hash=6bfdb6bcb6"}
{"level":"debug","ts":"2026-05-21T19:52:14Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"release-service","object":"release-service-controller-manager","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:52:14Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"release-service","object":"release-service-controller-manager","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:52:14Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"release-service","object":"release-service-controller-manager","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:52:14Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"release-service","object":"release-service-controller-manager","kind":"Deployment","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"release-service-controller-manager\" not found"}
{"level":"debug","ts":"2026-05-21T19:52:14Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"release-service","object":"release-service-controller-manager","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:52:14Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"release-service","items":4,"labels":"app.kubernetes.io/managed-by=kustomize,app.kubernetes.io/name=test,control-plane=controller-manager,konflux.konflux-ci.dev/component=release,konflux.konflux-ci.dev/owner=konflux-release-service"}
{"level":"debug","ts":"2026-05-21T19:52:14Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"release-service"}
{"level":"debug","ts":"2026-05-21T19:52:14Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"release-service","items":5,"labels":"konflux.konflux-ci.dev/component=release,konflux.konflux-ci.dev/owner=konflux-release-service"}
{"level":"debug","ts":"2026-05-21T19:52:14Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"release-service","object":"release-service-webhook-service","kind":"Service","validation":"dangling-service","check_description":"Indicates when services do not have any associated deployments.","check_remediation":"Confirm that your service's selector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching service labels (map[control-plane:controller-manager])"}
{"level":"debug","ts":"2026-05-21T19:52:14Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"release-service","items":2,"labels":"control-plane=controller-manager,konflux.konflux-ci.dev/component=release,konflux.konflux-ci.dev/owner=konflux-release-service"}
{"level":"debug","ts":"2026-05-21T19:52:14Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"release-service"}
{"level":"info","ts":"2026-05-21T19:52:14Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":2,"labels":"app.kubernetes.io/component=importer,app.kubernetes.io/instance=trustedprofileanalyzer,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=importer,app.kubernetes.io/part-of=trustify,app.kubernetes.io/version=2.2.4"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"service\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"service\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"service\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"service\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":1,"labels":"type=importer-working-directory"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":1,"labels":"app.kubernetes.io/instance=trustedprofileanalyzer,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=storage,app.kubernetes.io/part-of=trustify,app.kubernetes.io/version=2.2.4"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":3,"labels":"app.kubernetes.io/managed-by=Helm"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tpa"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":4,"labels":"app.kubernetes.io/component=importer,app.kubernetes.io/instance=trustedprofileanalyzer,app.kubernetes.io/name=importer,pod-template-hash=86bcdf477b"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"service\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"service\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":2,"labels":"app.kubernetes.io/component=database,app.kubernetes.io/instance=trustedprofileanalyzer,app.kubernetes.io/name=migrate-db,batch.kubernetes.io/controller-uid=dde5772b-7975-4861-8ce2-f37d33e197d8,batch.kubernetes.io/job-name=migrate-db,controller-uid=dde5772b-7975-4861-8ce2-f37d33e197d8,job-name=migrate-db"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"migrate-db","kind":"Job","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"migrate-db","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"job\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"migrate-db","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"job\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"migrate-db","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"job\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"migrate-db","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"job\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"migrate-db","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"job\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"migrate-db","kind":"Job","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"migrate-db","kind":"Job","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"migrate-db","kind":"Job","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"job\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"migrate-db","kind":"Job","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"job\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"migrate-db","kind":"Job","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"job\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":5,"labels":"app.kubernetes.io/component=server,app.kubernetes.io/instance=trustedprofileanalyzer,app.kubernetes.io/name=server,pod-template-hash=94577c4f9"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"service\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"service\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":1,"labels":"olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=tsf-tpa,olm.owner=rhtpa-operator.v1.1.4,olm.permissions.hash=aFImzaN7XMTLc0qsAWHiSsv2PNOJPMjP0l04oA,operators.coreos.com/rhtpa-operator.tsf-tpa="}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tpa"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":5,"labels":"app=tpa-pgsql-bee,phase=reference,pod-template-hash=5df6ff8bdf"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tpa"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":5,"labels":"app.kubernetes.io/component=server,app.kubernetes.io/instance=trustedprofileanalyzer,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=server,app.kubernetes.io/part-of=trustify,app.kubernetes.io/version=2.2.4"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"service\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"service\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"service\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"service\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":1,"labels":"olm.managed=true,operators.coreos.com/rhtpa-operator.tsf-tpa="}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tpa"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":2,"labels":"app.kubernetes.io/managed-by=kustomize,app.kubernetes.io/name=rhtpa-operator,control-plane=controller-manager,olm.deployment-spec-hash=61NDiU2koxxLCzAl6gIAYLCVnf76UPkRYTqw81,olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=tsf-tpa,olm.owner=rhtpa-operator.v1.1.4,operators.coreos.com/rhtpa-operator.tsf-tpa="}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tpa"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":1,"labels":"app.kubernetes.io/component=database,app.kubernetes.io/instance=trustedprofileanalyzer,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=create-db,app.kubernetes.io/part-of=trustify,app.kubernetes.io/version=2.2.4"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-db","kind":"Job","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-db","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"job\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-db","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"job\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-db","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"job\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-db","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"job\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-db","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"job\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-db","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"job\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-db","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"job\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-db","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"job\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-db","kind":"Job","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-db","kind":"Job","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-db","kind":"Job","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"job\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-db","kind":"Job","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"job\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-db","kind":"Job","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"job\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":1,"labels":"app.kubernetes.io/component=database,app.kubernetes.io/instance=trustedprofileanalyzer,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=create-importers,app.kubernetes.io/part-of=trustify,app.kubernetes.io/version=2.2.4"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-importers","kind":"Job","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-importers","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"job\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-importers","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"job\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-importers","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"job\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-importers","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"job\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-importers","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"job\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-importers","kind":"Job","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-importers","kind":"Job","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-importers","kind":"Job","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"job\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":4,"labels":"olm.managed=true"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tpa"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":1,"labels":"olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=tsf-tpa,olm.owner=rhtpa-operator.v1.1.4,olm.permissions.hash=89zmJTEa8x4dF5PYcd2jJAXBQdRMGCux5nsqKM,operators.coreos.com/rhtpa-operator.tsf-tpa="}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tpa"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":2,"labels":"app.kubernetes.io/component=database,app.kubernetes.io/instance=trustedprofileanalyzer,app.kubernetes.io/name=create-importers,batch.kubernetes.io/controller-uid=ce81e3ed-562a-4fc3-aa71-82c6770bdbbd,batch.kubernetes.io/job-name=create-importers,controller-uid=ce81e3ed-562a-4fc3-aa71-82c6770bdbbd,job-name=create-importers"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":5,"labels":"control-plane=controller-manager,pod-template-hash=586cbb496b"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tpa"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":1,"labels":"app.kubernetes.io/component=database,app.kubernetes.io/instance=trustedprofileanalyzer,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=migrate-db,app.kubernetes.io/part-of=trustify,app.kubernetes.io/version=2.2.4"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tpa"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":2,"labels":"app.kubernetes.io/component=database,app.kubernetes.io/instance=trustedprofileanalyzer,app.kubernetes.io/name=create-db,batch.kubernetes.io/controller-uid=cc20e457-2ba5-4365-94f8-7753a9973363,batch.kubernetes.io/job-name=create-db,controller-uid=cc20e457-2ba5-4365-94f8-7753a9973363,job-name=create-db"}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":3,"labels":"app.kubernetes.io/managed-by=kustomize,app.kubernetes.io/name=rhtpa-operator,control-plane=controller-manager,olm.managed=true,operators.coreos.com/rhtpa-operator.tsf-tpa="}
{"level":"debug","ts":"2026-05-21T19:52:18Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tpa"}
{"level":"info","ts":"2026-05-21T19:52:18Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
I0521 19:52:20.222775       1 request.go:752] "Waited before sending request" delay="1.814896696s" reason="client-side throttling, not priority and fairness" verb="GET" URL="https://172.30.0.1:443/apis/rbac.authorization.k8s.io/v1/namespaces/tsf-tas/rolebindings?continue=eyJ2IjoibWV0YS5rOHMuaW8vdjEiLCJydiI6Mjc5OTAsInN0YXJ0IjoiL2RlZGljYXRlZC1hZG1pbnMtMFx1MDAwMCJ9&limit=5"
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":2,"labels":"batch.kubernetes.io/controller-uid=18e28d6e-e122-4929-bbf9-ac1c797a9c70,batch.kubernetes.io/job-name=segment-backup-installation-qts55,controller-uid=18e28d6e-e122-4929-bbf9-ac1c797a9c70,job-name=segment-backup-installation-qts55"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":5,"labels":"app.kubernetes.io/component=rekor-ui,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=rekor-search-ui,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-search-ui","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-search-ui","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-search-ui","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-search-ui","kind":"Deployment","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"rekor-ui\" not found"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-search-ui","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-search-ui","kind":"Deployment","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"rekor-search-ui\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-search-ui","kind":"Deployment","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"rekor-search-ui\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-search-ui","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"rekor-search-ui\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-search-ui","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-search-ui","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-search-ui","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-search-ui","kind":"Deployment","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"rekor-ui\" not found"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-search-ui","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-search-ui","kind":"Deployment","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"rekor-search-ui\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-search-ui","kind":"Deployment","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"rekor-search-ui\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-search-ui","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"rekor-search-ui\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":1,"labels":"app.kubernetes.io/component=tuf,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=tuf-repository-init,app.kubernetes.io/part-of=trusted-artifact-signer,rhtas.redhat.com/resource=tuf"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"tuf-repository-init-47sgc","kind":"Job","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"tuf-repository-init-47sgc","kind":"Job","validation":"job-ttl-seconds-after-finished","check_description":"Indicates when standalone jobs do not set ttlSecondsAfterFinished and when jobs managed by cronjob do set ttlSecondsAfterFinished.","check_remediation":"Set Job.spec.ttlSecondsAfterFinished. Unset CronJob.Spec.JobTemplate.Spec.ttlSecondsAfterFinished.","check_failure_reason":"Standalone Job does not specify ttlSecondsAfterFinished"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"tuf-repository-init-47sgc","kind":"Job","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"tuf-repository-init-47sgc","kind":"Job","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"tuf-repository-init\" not found"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"tuf-repository-init-47sgc","kind":"Job","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"tuf-repository-init-47sgc","kind":"Job","validation":"restart-policy","check_description":"Indicates when a deployment-like object does not use a restart policy","check_remediation":"Set up the restart policy for your object to 'Always' or 'OnFailure' to increase the fault tolerance.","check_failure_reason":"object has a restart policy defined with 'Never' but the only accepted restart policies are '[Always OnFailure]'"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"tuf-repository-init-47sgc","kind":"Job","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"tuf-init\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"tuf-repository-init-47sgc","kind":"Job","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"tuf-init\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":5,"labels":"app.kubernetes.io/component=rekor-redis,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=rekor-redis,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-redis","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-redis","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"rekor-redis\" is referring to an unknown secret \"redis-password-trusted-artifact-signerpknfc\""}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-redis","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-redis","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-redis","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-redis","kind":"Deployment","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"enable-tls\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-redis","kind":"Deployment","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"rekor-redis\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-redis","kind":"Deployment","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"enable-tls\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-redis","kind":"Deployment","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"rekor-redis\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-redis","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"enable-tls\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-redis","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"rekor-redis\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-redis","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-redis","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"rekor-redis\" is referring to an unknown secret \"redis-password-trusted-artifact-signerpknfc\""}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-redis","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-redis","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-redis","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-redis","kind":"Deployment","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"enable-tls\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-redis","kind":"Deployment","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"rekor-redis\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-redis","kind":"Deployment","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"enable-tls\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-redis","kind":"Deployment","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"rekor-redis\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-redis","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"enable-tls\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-redis","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"rekor-redis\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":5,"labels":"app.kubernetes.io/component=rekor-ui,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=rekor-search-ui,app.kubernetes.io/part-of=trusted-artifact-signer,pod-template-hash=77d75bc5d9"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-search-ui","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-search-ui","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-search-ui","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-search-ui","kind":"Deployment","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"rekor-ui\" not found"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-search-ui","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-search-ui","kind":"Deployment","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"rekor-search-ui\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-search-ui","kind":"Deployment","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"rekor-search-ui\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"rekor-search-ui","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"rekor-search-ui\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":5,"labels":"app.kubernetes.io/component=ctlog,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=ctlog,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"ctlog","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"ctlog","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"ctlog","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"ctlog","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"ctlog","kind":"Deployment","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"ctlog\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"ctlog","kind":"Deployment","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"ctlog\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"ctlog","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"ctlog\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"ctlog","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"ctlog","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"ctlog","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"ctlog","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"ctlog","kind":"Deployment","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"ctlog\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"ctlog","kind":"Deployment","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"ctlog\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"ctlog","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"ctlog\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":1,"labels":"app.kubernetes.io/component=backfill-redis,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=rekor-backfill,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":2,"labels":"app.kubernetes.io/component=tuf,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=tuf-repository-init,app.kubernetes.io/part-of=trusted-artifact-signer,batch.kubernetes.io/controller-uid=901f5e0d-fef0-44a4-be85-d8f18a343f32,batch.kubernetes.io/job-name=tuf-repository-init-47sgc,controller-uid=901f5e0d-fef0-44a4-be85-d8f18a343f32,job-name=tuf-repository-init-47sgc,rhtas.redhat.com/resource=tuf"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"tuf-repository-init-47sgc","kind":"Job","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"tuf-repository-init-47sgc","kind":"Job","validation":"job-ttl-seconds-after-finished","check_description":"Indicates when standalone jobs do not set ttlSecondsAfterFinished and when jobs managed by cronjob do set ttlSecondsAfterFinished.","check_remediation":"Set Job.spec.ttlSecondsAfterFinished. Unset CronJob.Spec.JobTemplate.Spec.ttlSecondsAfterFinished.","check_failure_reason":"Standalone Job does not specify ttlSecondsAfterFinished"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"tuf-repository-init-47sgc","kind":"Job","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"tuf-repository-init-47sgc","kind":"Job","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"tuf-repository-init\" not found"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"tuf-repository-init-47sgc","kind":"Job","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"tuf-repository-init-47sgc","kind":"Job","validation":"restart-policy","check_description":"Indicates when a deployment-like object does not use a restart policy","check_remediation":"Set up the restart policy for your object to 'Always' or 'OnFailure' to increase the fault tolerance.","check_failure_reason":"object has a restart policy defined with 'Never' but the only accepted restart policies are '[Always OnFailure]'"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"tuf-repository-init-47sgc","kind":"Job","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"tuf-init\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"tuf-repository-init-47sgc","kind":"Job","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"tuf-init\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":4,"labels":"app.kubernetes.io/component=createtree,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=ctlog,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"ctlog-createtree-job-9h8k2","kind":"Job","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"ctlog-createtree-job-9h8k2","kind":"Job","validation":"job-ttl-seconds-after-finished","check_description":"Indicates when standalone jobs do not set ttlSecondsAfterFinished and when jobs managed by cronjob do set ttlSecondsAfterFinished.","check_remediation":"Set Job.spec.ttlSecondsAfterFinished. Unset CronJob.Spec.JobTemplate.Spec.ttlSecondsAfterFinished.","check_failure_reason":"Standalone Job does not specify ttlSecondsAfterFinished"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"ctlog-createtree-job-9h8k2","kind":"Job","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"ctlog-createtree-job-9h8k2","kind":"Job","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"ctlog-createtree-job-9h8k2","kind":"Job","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"createtree\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"ctlog-createtree-job-9h8k2","kind":"Job","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"createtree\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"ctlog-createtree-job-9h8k2","kind":"Job","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"createtree\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":1,"labels":"app.kubernetes.io/component=rekor-search-ui,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=rekor-ui,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":3,"labels":"app.kubernetes.io/component=tuf,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=tuf-repository-init,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":5,"labels":"app.kubernetes.io/component=trillian-logserver,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=trillian-logserver,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":1,"labels":"app.kubernetes.io/component=fulcio,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=fulcio,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":1,"labels":"app.kubernetes.io/component=rekor-server,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=rekor,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":5,"labels":"app.kubernetes.io/component=trillian-logsigner,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=trillian-logsigner,app.kubernetes.io/part-of=trusted-artifact-signer,pod-template-hash=67c499f58f"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":5,"labels":"app.kubernetes.io/component=ctlog,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=ctlog,app.kubernetes.io/part-of=trusted-artifact-signer,pod-template-hash=855845d9b9"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"ctlog","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"ctlog","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"ctlog","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"ctlog","kind":"Deployment","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"ctlog\" not found"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"ctlog","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"ctlog","kind":"Deployment","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"ctlog\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"ctlog","kind":"Deployment","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"ctlog\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"ctlog","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"ctlog\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":5,"labels":"app.kubernetes.io/component=fulcio,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=fulcio-server,app.kubernetes.io/part-of=trusted-artifact-signer,pod-template-hash=84ffc7d87c"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":1,"labels":"app.kubernetes.io/component=segment-backup-installation,app.kubernetes.io/instance-namespace=tsf-tas,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=segment-backup-nightly-metrics,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":1,"labels":"app.kubernetes.io/component=backfill-redis,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=backfill-redis,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"backfill-redis","kind":"CronJob","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"backfill-redis","kind":"CronJob","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"backfill-redis\" is referring to an unknown secret \"redis-password-trusted-artifact-signerpknfc\""}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"backfill-redis","kind":"CronJob","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"backfill-redis","kind":"CronJob","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"rekor\" not found"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"backfill-redis","kind":"CronJob","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"backfill-redis","kind":"CronJob","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"backfill-redis\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"backfill-redis","kind":"CronJob","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"backfill-redis\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"backfill-redis","kind":"CronJob","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"backfill-redis\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":5,"labels":"app.kubernetes.io/component=tuf,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=tuf,app.kubernetes.io/part-of=trusted-artifact-signer,pod-template-hash=97fc8ff76"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tas","object":"tuf","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":7,"labels":"app.kubernetes.io/component=trillian-logsigner,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=trillian-logsigner,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":1,"labels":"app.kubernetes.io/component=segment-backup-installation,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=segment-backup-installation,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":5,"labels":"app.kubernetes.io/component=trillian-db,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=trillian-db,app.kubernetes.io/part-of=trusted-artifact-signer,pod-template-hash=6856b5cb5b"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":7,"labels":"app.kubernetes.io/component=tuf,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=tuf,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":2,"labels":"batch.kubernetes.io/controller-uid=ad34665a-667b-449f-a803-667cab849e9e,batch.kubernetes.io/job-name=ctlog-createtree-job-9h8k2,controller-uid=ad34665a-667b-449f-a803-667cab849e9e,job-name=ctlog-createtree-job-9h8k2"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":2,"labels":"batch.kubernetes.io/controller-uid=72786fd8-d155-4ac5-9d87-12a809dee356,batch.kubernetes.io/job-name=rekor-createtree-job-4l8mc,controller-uid=72786fd8-d155-4ac5-9d87-12a809dee356,job-name=rekor-createtree-job-4l8mc"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":5,"labels":"app.kubernetes.io/component=rekor-server,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=rekor-server,app.kubernetes.io/part-of=trusted-artifact-signer,pod-template-hash=76758ffb66"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":5,"labels":"app.kubernetes.io/component=trillian-logserver,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=trillian-logserver,app.kubernetes.io/part-of=trusted-artifact-signer,pod-template-hash=6ccd978ff4"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":5,"labels":"app.kubernetes.io/component=fulcio,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=fulcio-server,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":4,"labels":"app.kubernetes.io/component=createtree,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=rekor,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":6,"labels":"app.kubernetes.io/component=rekor-server,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=rekor-server,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":6,"labels":"app.kubernetes.io/component=trillian-db,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=trillian-db,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:52:22Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":5,"labels":"app.kubernetes.io/component=rekor-redis,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=rekor-redis,app.kubernetes.io/part-of=trusted-artifact-signer,pod-template-hash=54fbdd6fc6"}
{"level":"info","ts":"2026-05-21T19:52:22Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-05-21T19:52:26Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager-operator","items":1,"labels":"olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=cert-manager-operator,olm.owner=cert-manager-operator.v1.19.0,olm.permissions.hash=jFynzryran0Td5CUgJ3rwrkK6ZdYd35f5iILp,operators.coreos.com/openshift-cert-manager-operator.cert-manager-operator="}
{"level":"debug","ts":"2026-05-21T19:52:26Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"cert-manager-operator"}
{"level":"debug","ts":"2026-05-21T19:52:26Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager-operator","items":2,"labels":"olm.managed=true"}
{"level":"debug","ts":"2026-05-21T19:52:26Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"cert-manager-operator"}
{"level":"debug","ts":"2026-05-21T19:52:26Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager-operator","items":1,"labels":"olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=cert-manager-operator,olm.owner=cert-manager-operator.v1.19.0,olm.permissions.hash=5BvcE6aNRl1kjQ4qoZiC75uAhCACnLI6hzXqiT,operators.coreos.com/openshift-cert-manager-operator.cert-manager-operator="}
{"level":"debug","ts":"2026-05-21T19:52:26Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"cert-manager-operator"}
{"level":"debug","ts":"2026-05-21T19:52:26Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager-operator","items":4,"labels":"name=cert-manager-operator,pod-template-hash=5b66478c58"}
{"level":"debug","ts":"2026-05-21T19:52:26Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"cert-manager-operator"}
{"level":"debug","ts":"2026-05-21T19:52:26Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager-operator","items":2,"labels":"app.kubernetes.io/created-by=cert-manager-operator,app.kubernetes.io/instance=controller-manager-metrics-service,app.kubernetes.io/managed-by=kustomize,app.kubernetes.io/name=service,app.kubernetes.io/part-of=cert-manager-operator,control-plane=controller-manager,olm.managed=true,operators.coreos.com/openshift-cert-manager-operator.cert-manager-operator="}
{"level":"debug","ts":"2026-05-21T19:52:26Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"cert-manager-operator"}
{"level":"debug","ts":"2026-05-21T19:52:26Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager-operator","items":1,"labels":"olm.managed=true,operators.coreos.com/openshift-cert-manager-operator.cert-manager-operator="}
{"level":"debug","ts":"2026-05-21T19:52:26Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"cert-manager-operator"}
{"level":"debug","ts":"2026-05-21T19:52:26Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager-operator","items":1,"labels":"app.kubernetes.io/component=manager,app.kubernetes.io/created-by=cert-manager-operator,app.kubernetes.io/instance=controller-manager,app.kubernetes.io/managed-by=kustomize,app.kubernetes.io/name=deployment,app.kubernetes.io/part-of=cert-manager-operator,olm.deployment-spec-hash=3sswK1i6h95ceYyTm9Y8NTcnSqHLcsB2WsCSCq,olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=cert-manager-operator,olm.owner=cert-manager-operator.v1.19.0,operators.coreos.com/openshift-cert-manager-operator.cert-manager-operator="}
{"level":"debug","ts":"2026-05-21T19:52:26Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"cert-manager-operator"}
{"level":"info","ts":"2026-05-21T19:52:26Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-05-21T19:52:30Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"konflux-info","items":2,"labels":"konflux.konflux-ci.dev/component=info,konflux.konflux-ci.dev/owner=konflux-info"}
{"level":"info","ts":"2026-05-21T19:52:30Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
I0521 19:52:32.222784       1 request.go:752] "Waited before sending request" delay="1.883935739s" reason="client-side throttling, not priority and fairness" verb="GET" URL="https://172.30.0.1:443/apis/rbac.authorization.k8s.io/v1/namespaces/segment-bridge/rolebindings?continue=eyJ2IjoibWV0YS5rOHMuaW8vdjEiLCJydiI6MjgxMjksInN0YXJ0IjoiL2RlZGljYXRlZC1hZG1pbnMtYWxlcnQtcm91dGluZy1lZGl0LTBcdTAwMDAifQ&limit=5"
{"level":"debug","ts":"2026-05-21T19:52:32Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"segment-bridge","items":2,"labels":"app.kubernetes.io/name=segment-bridge,konflux.konflux-ci.dev/component=segment-bridge,konflux.konflux-ci.dev/owner=konflux-segment-bridge"}
{"level":"debug","ts":"2026-05-21T19:52:32Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"segment-bridge","object":"segment-bridge","kind":"CronJob","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:52:32Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"segment-bridge","object":"segment-bridge","kind":"CronJob","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:52:32Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"segment-bridge","object":"segment-bridge","kind":"CronJob","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"info","ts":"2026-05-21T19:52:32Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-05-21T19:52:34Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"trusted-artifact-signer","items":5,"labels":"app.kubernetes.io/component=client-server,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:52:34Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:52:34Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"trusted-artifact-signer","items":5,"labels":"app.kubernetes.io/component=client-server,app.kubernetes.io/part-of=trusted-artifact-signer,pod-template-hash=7d56d9fd65"}
{"level":"debug","ts":"2026-05-21T19:52:34Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"trusted-artifact-signer"}
{"level":"info","ts":"2026-05-21T19:52:34Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"info","ts":"2026-05-21T19:52:38Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
I0521 19:52:42.223597       1 request.go:752] "Waited before sending request" delay="1.996050621s" reason="client-side throttling, not priority and fairness" verb="GET" URL="https://172.30.0.1:443/apis/rbac.authorization.k8s.io/v1/namespaces/enterprise-contract-service/rolebindings?continue=eyJ2IjoibWV0YS5rOHMuaW8vdjEiLCJydiI6MjgyMzMsInN0YXJ0IjoiL3N5c3RlbTpkZXBsb3llcnNcdTAwMDAifQ&limit=5"
{"level":"debug","ts":"2026-05-21T19:52:42Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"enterprise-contract-service","items":2,"labels":"konflux.konflux-ci.dev/component=enterprise-contract,konflux.konflux-ci.dev/owner=konflux-enterprise-contract"}
{"level":"info","ts":"2026-05-21T19:52:42Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-05-21T19:52:46Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"default-tenant","items":3,"labels":"konflux.konflux-ci.dev/component=default-tenant,konflux.konflux-ci.dev/owner=konflux-default-tenant"}
{"level":"info","ts":"2026-05-21T19:52:46Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-05-21T19:52:48Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"namespace-lister","items":7,"labels":"apps=namespace-lister,pod-template-hash=696b855848"}
{"level":"debug","ts":"2026-05-21T19:52:48Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"namespace-lister","object":"namespace-lister","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:52:48Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"namespace-lister","object":"namespace-lister","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:52:48Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"namespace-lister","object":"namespace-lister","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:52:48Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"namespace-lister","object":"namespace-lister","kind":"Deployment","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"namespace-lister\" not found"}
{"level":"debug","ts":"2026-05-21T19:52:48Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"namespace-lister","object":"namespace-lister-allow-from-konfluxui","kind":"NetworkPolicy","validation":"dangling-networkpolicypeer-podselector","check_description":"Indicates when NetworkPolicyPeer in Egress/Ingress rules -in the Spec of NetworkPolicy- do not have any associated deployments. Applied on peer specified with podSelectors only.","check_remediation":"Confirm that your NetworkPolicy's Ingress/Egress peer's podselector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching networkpolicy rule's podSelector labels (app=proxy)"}
{"level":"debug","ts":"2026-05-21T19:52:48Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"namespace-lister","items":4,"labels":"konflux.konflux-ci.dev/component=namespace-lister,konflux.konflux-ci.dev/owner=konflux-namespace-lister"}
{"level":"debug","ts":"2026-05-21T19:52:48Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"namespace-lister","object":"namespace-lister","kind":"Service","validation":"dangling-service","check_description":"Indicates when services do not have any associated deployments.","check_remediation":"Confirm that your service's selector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching service labels (map[apps:namespace-lister])"}
{"level":"debug","ts":"2026-05-21T19:52:48Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"namespace-lister","object":"namespace-lister-allow-from-konfluxui","kind":"NetworkPolicy","validation":"dangling-networkpolicy","check_description":"Indicates when networkpolicies do not have any associated deployments.","check_remediation":"Confirm that your networkPolicy's podselector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching networkpolicy's podSelector labels ({map[apps:namespace-lister] []}) "}
{"level":"debug","ts":"2026-05-21T19:52:48Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"namespace-lister","object":"namespace-lister-allow-from-konfluxui","kind":"NetworkPolicy","validation":"dangling-networkpolicypeer-podselector","check_description":"Indicates when NetworkPolicyPeer in Egress/Ingress rules -in the Spec of NetworkPolicy- do not have any associated deployments. Applied on peer specified with podSelectors only.","check_remediation":"Confirm that your NetworkPolicy's Ingress/Egress peer's podselector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching networkpolicy rule's podSelector labels (app=proxy)"}
{"level":"debug","ts":"2026-05-21T19:52:48Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"namespace-lister","object":"namespace-lister-allow-to-apiserver","kind":"NetworkPolicy","validation":"dangling-networkpolicy","check_description":"Indicates when networkpolicies do not have any associated deployments.","check_remediation":"Confirm that your networkPolicy's podselector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching networkpolicy's podSelector labels ({map[apps:namespace-lister] []}) "}
{"level":"debug","ts":"2026-05-21T19:52:48Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"namespace-lister","items":4,"labels":"apps=namespace-lister,konflux.konflux-ci.dev/component=namespace-lister,konflux.konflux-ci.dev/owner=konflux-namespace-lister"}
{"level":"debug","ts":"2026-05-21T19:52:48Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"namespace-lister"}
{"level":"info","ts":"2026-05-21T19:52:48Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-05-21T19:52:52Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"konflux-operator","items":2,"labels":"olm.managed=true"}
{"level":"debug","ts":"2026-05-21T19:52:52Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"konflux-operator"}
{"level":"debug","ts":"2026-05-21T19:52:52Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"konflux-operator","items":1,"labels":"olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=konflux-operator,olm.owner=konflux-operator.v0.1.12,olm.permissions.hash=jFynzryran0Td5CUgJ3rwrkK6ZdYd35f5iILp,operators.coreos.com/konflux-operator.konflux-operator="}
{"level":"debug","ts":"2026-05-21T19:52:52Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"konflux-operator"}
{"level":"debug","ts":"2026-05-21T19:52:52Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"konflux-operator","items":1,"labels":"olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=konflux-operator,olm.owner=konflux-operator.v0.1.12,olm.permissions.hash=6VkYjWmwqEjnVGzheji50fOML3rUm81RARgZTo,operators.coreos.com/konflux-operator.konflux-operator="}
{"level":"debug","ts":"2026-05-21T19:52:52Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"konflux-operator"}
{"level":"debug","ts":"2026-05-21T19:52:52Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"konflux-operator","items":5,"labels":"app.kubernetes.io/name=konflux-operator,control-plane=controller-manager,pod-template-hash=5bf6d87b75"}
{"level":"debug","ts":"2026-05-21T19:52:52Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"konflux-operator"}
{"level":"debug","ts":"2026-05-21T19:52:52Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"konflux-operator","items":3,"labels":"app.kubernetes.io/managed-by=kustomize,app.kubernetes.io/name=konflux-operator,control-plane=controller-manager,olm.managed=true,operators.coreos.com/konflux-operator.konflux-operator="}
{"level":"debug","ts":"2026-05-21T19:52:52Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"konflux-operator"}
{"level":"debug","ts":"2026-05-21T19:52:52Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"konflux-operator","items":1,"labels":"olm.managed=true,operators.coreos.com/konflux-operator.konflux-operator="}
{"level":"debug","ts":"2026-05-21T19:52:52Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"konflux-operator"}
{"level":"debug","ts":"2026-05-21T19:52:52Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"konflux-operator","items":2,"labels":"app.kubernetes.io/managed-by=kustomize,app.kubernetes.io/name=konflux-operator,control-plane=controller-manager,olm.deployment-spec-hash=89feUewdEmmyMoWae71sVKb89hZ8OCO8vfIxce,olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=konflux-operator,olm.owner=konflux-operator.v0.1.12,operators.coreos.com/konflux-operator.konflux-operator="}
{"level":"debug","ts":"2026-05-21T19:52:52Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"konflux-operator"}
{"level":"info","ts":"2026-05-21T19:52:52Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
I0521 19:52:54.223307       1 request.go:752] "Waited before sending request" delay="1.870929714s" reason="client-side throttling, not priority and fairness" verb="GET" URL="https://172.30.0.1:443/apis/rbac.authorization.k8s.io/v1/namespaces/konflux-ui/rolebindings?continue=eyJ2IjoibWV0YS5rOHMuaW8vdjEiLCJydiI6Mjg0MTgsInN0YXJ0IjoiL2RlZGljYXRlZC1hZG1pbnMtMVx1MDAwMCJ9&limit=5"
{"level":"debug","ts":"2026-05-21T19:52:56Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"konflux-ui","items":2,"labels":"app=proxy,pod-template-hash=74d45566"}
{"level":"debug","ts":"2026-05-21T19:52:56Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"konflux-ui","items":5,"labels":"app=dex,pod-template-hash=746c855579"}
{"level":"debug","ts":"2026-05-21T19:52:56Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"konflux-ui","object":"dex","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:52:56Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"konflux-ui","object":"dex","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"dex\" is referring to an unknown secret \"dex-client\""}
{"level":"debug","ts":"2026-05-21T19:52:56Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"konflux-ui","object":"dex","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"dex\" is referring to an unknown secret \"oauth2-proxy-client-secret\""}
{"level":"debug","ts":"2026-05-21T19:52:56Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"konflux-ui","object":"dex","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:52:56Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"konflux-ui","object":"dex","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:52:56Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"konflux-ui","object":"dex","kind":"Deployment","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"dex\" not found"}
{"level":"debug","ts":"2026-05-21T19:52:56Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"konflux-ui","object":"dex","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:52:56Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"konflux-ui","items":5,"labels":"app=proxy,pod-template-hash=6955d545bc"}
{"level":"debug","ts":"2026-05-21T19:52:56Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"konflux-ui","object":"proxy","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:52:56Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"konflux-ui","object":"proxy","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"oauth2-proxy\" is referring to an unknown secret \"oauth2-proxy-client-secret\""}
{"level":"debug","ts":"2026-05-21T19:52:56Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"konflux-ui","object":"proxy","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"oauth2-proxy\" is referring to an unknown secret \"oauth2-proxy-cookie-secret\""}
{"level":"debug","ts":"2026-05-21T19:52:56Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"konflux-ui","object":"proxy","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:52:56Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"konflux-ui","object":"proxy","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:52:56Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"konflux-ui","object":"proxy","kind":"Deployment","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"proxy\" not found"}
{"level":"debug","ts":"2026-05-21T19:52:56Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"konflux-ui","object":"proxy","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:52:56Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"konflux-ui","items":4,"labels":"konflux.konflux-ci.dev/component=ui,konflux.konflux-ci.dev/owner=konflux-ui"}
{"level":"debug","ts":"2026-05-21T19:52:56Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"konflux-ui","object":"dex","kind":"Service","validation":"dangling-service","check_description":"Indicates when services do not have any associated deployments.","check_remediation":"Confirm that your service's selector correctly matches the labels on one of your deployments.","check_failure_reason":"no pods found matching service labels (map[app:dex])"}
{"level":"debug","ts":"2026-05-21T19:52:56Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"konflux-ui","object":"konflux-ui","kind":"Ingress","validation":"dangling-ingress","check_description":"Indicates when ingress do not have any associated services.","check_remediation":"Confirm that your ingress's backend correctly matches the name and port on one of your services.","check_failure_reason":"no service found matching ingress label (proxy), port web-tls"}
{"level":"debug","ts":"2026-05-21T19:52:56Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"konflux-ui","items":4,"labels":"app=proxy,konflux.konflux-ci.dev/component=ui,konflux.konflux-ci.dev/owner=konflux-ui"}
{"level":"debug","ts":"2026-05-21T19:52:56Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"konflux-ui"}
{"level":"debug","ts":"2026-05-21T19:52:56Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"konflux-ui","items":3,"labels":"app=dex,konflux.konflux-ci.dev/component=ui,konflux.konflux-ci.dev/owner=konflux-ui"}
{"level":"debug","ts":"2026-05-21T19:52:56Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"konflux-ui","object":"dex","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:52:56Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"konflux-ui","object":"dex","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"dex\" is referring to an unknown secret \"dex-client\""}
{"level":"debug","ts":"2026-05-21T19:52:56Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"konflux-ui","object":"dex","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"dex\" is referring to an unknown secret \"oauth2-proxy-client-secret\""}
{"level":"debug","ts":"2026-05-21T19:52:56Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"konflux-ui","object":"dex","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:52:56Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"konflux-ui","object":"dex","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:52:56Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"konflux-ui","object":"dex","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:52:56Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"konflux-ui","object":"dex","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:52:56Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"konflux-ui","object":"dex","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"dex\" is referring to an unknown secret \"dex-client\""}
{"level":"debug","ts":"2026-05-21T19:52:56Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"konflux-ui","object":"dex","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"dex\" is referring to an unknown secret \"oauth2-proxy-client-secret\""}
{"level":"debug","ts":"2026-05-21T19:52:56Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"konflux-ui","object":"dex","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:52:56Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"konflux-ui","object":"dex","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:52:56Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"konflux-ui","object":"dex","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"info","ts":"2026-05-21T19:52:56Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-05-21T19:53:00Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"konflux-cli","items":2,"labels":"konflux.konflux-ci.dev/component=cli,konflux.konflux-ci.dev/owner=konflux-cli"}
{"level":"info","ts":"2026-05-21T19:53:00Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-05-21T19:53:02Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf","items":2,"labels":"batch.kubernetes.io/controller-uid=4f2006ba-717d-48d0-8f99-229593ea8e4e,batch.kubernetes.io/job-name=tsf-tekton-configuration,controller-uid=4f2006ba-717d-48d0-8f99-229593ea8e4e,job-name=tsf-tekton-configuration"}
{"level":"debug","ts":"2026-05-21T19:53:02Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"tsf-tekton-configuration","kind":"Job","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:53:02Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"tsf-tekton-configuration","kind":"Job","validation":"job-ttl-seconds-after-finished","check_description":"Indicates when standalone jobs do not set ttlSecondsAfterFinished and when jobs managed by cronjob do set ttlSecondsAfterFinished.","check_remediation":"Set Job.spec.ttlSecondsAfterFinished. Unset CronJob.Spec.JobTemplate.Spec.ttlSecondsAfterFinished.","check_failure_reason":"Standalone Job does not specify ttlSecondsAfterFinished"}
{"level":"debug","ts":"2026-05-21T19:53:02Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"tsf-tekton-configuration","kind":"Job","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:53:02Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"tsf-tekton-configuration","kind":"Job","validation":"non-existent-service-account","check_description":"Indicates when pods reference a service account that is not found.","check_remediation":"Create the missing service account, or refer to an existing service account.","check_failure_reason":"serviceAccount \"tsf-pipelines\" not found"}
{"level":"debug","ts":"2026-05-21T19:53:02Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"tsf-tekton-configuration","kind":"Job","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:53:02Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"tsf-tekton-configuration","kind":"Job","validation":"restart-policy","check_description":"Indicates when a deployment-like object does not use a restart policy","check_remediation":"Set up the restart policy for your object to 'Always' or 'OnFailure' to increase the fault tolerance.","check_failure_reason":"object has a restart policy defined with 'Never' but the only accepted restart policies are '[Always OnFailure]'"}
{"level":"debug","ts":"2026-05-21T19:53:02Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"tsf-tekton-configuration","kind":"Job","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"tekton-chains-cosign\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:53:02Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"tsf-tekton-configuration","kind":"Job","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"tekton-chains-cosign\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:53:02Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf","object":"tsf-tekton-configuration","kind":"Job","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"tekton-chains-cosign\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:53:02Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf","items":1,"labels":"app.kubernetes.io/instance=tsf-pipelines,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=tsf-pipelines,app.kubernetes.io/version=1.20,helm.sh/chart=tsf-pipelines-0.1.0"}
{"level":"debug","ts":"2026-05-21T19:53:02Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf"}
{"level":"info","ts":"2026-05-21T19:53:02Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
I0521 19:53:04.223542       1 request.go:752] "Waited before sending request" delay="1.880934702s" reason="client-side throttling, not priority and fairness" verb="GET" URL="https://172.30.0.1:443/apis/rbac.authorization.k8s.io/v1/namespaces/rhbk-operator/rolebindings?continue=eyJ2IjoibWV0YS5rOHMuaW8vdjEiLCJydiI6Mjg1MzQsInN0YXJ0IjoiL2RlZGljYXRlZC1hZG1pbnMtMVx1MDAwMCJ9&limit=5"
{"level":"debug","ts":"2026-05-21T19:53:06Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"rhbk-operator","items":4,"labels":"name=rhbk-operator,pod-template-hash=6fc7dbc666"}
{"level":"debug","ts":"2026-05-21T19:53:06Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"rhbk-operator"}
{"level":"debug","ts":"2026-05-21T19:53:06Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"rhbk-operator","items":1,"labels":"olm.managed=true,operators.coreos.com/rhbk-operator.rhbk-operator="}
{"level":"debug","ts":"2026-05-21T19:53:06Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"rhbk-operator"}
{"level":"debug","ts":"2026-05-21T19:53:06Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"rhbk-operator","items":1,"labels":"olm.deployment-spec-hash=ajtCPjdTLog74BPXdcauP7Cyqs94S6711y20k7,olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=rhbk-operator,olm.owner=rhbk-operator.v26.4.12-opr.1,operators.coreos.com/rhbk-operator.rhbk-operator="}
{"level":"debug","ts":"2026-05-21T19:53:06Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"rhbk-operator"}
{"level":"debug","ts":"2026-05-21T19:53:06Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"rhbk-operator","items":1,"labels":"olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=rhbk-operator,olm.owner=rhbk-operator.v26.4.12-opr.1,olm.permissions.hash=4O0tiObYrrFrlUWdzQmHj2sVWezFneLyYDCeOp,operators.coreos.com/rhbk-operator.rhbk-operator="}
{"level":"debug","ts":"2026-05-21T19:53:06Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"rhbk-operator"}
{"level":"debug","ts":"2026-05-21T19:53:06Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"rhbk-operator","items":2,"labels":"olm.managed=true"}
{"level":"debug","ts":"2026-05-21T19:53:06Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"rhbk-operator"}
{"level":"debug","ts":"2026-05-21T19:53:06Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"rhbk-operator","items":1,"labels":"olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=rhbk-operator,olm.owner=rhbk-operator.v26.4.12-opr.1,olm.permissions.hash=abaw0uIHc78kEtsrZCh8UYCMjDwlvGAGG65tud,operators.coreos.com/rhbk-operator.rhbk-operator="}
{"level":"debug","ts":"2026-05-21T19:53:06Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"rhbk-operator"}
{"level":"info","ts":"2026-05-21T19:53:06Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-05-21T19:53:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"open-cluster-management-2qegn84g18ids9l2o4klqb2qr2p2km0b","items":2,"labels":"open-cluster-management.io/created-by-klusterlet=klusterlet-2qegn84g18ids9l2o4klqb2qr2p2km0b"}
{"level":"debug","ts":"2026-05-21T19:53:08Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"open-cluster-management-2qegn84g18ids9l2o4klqb2qr2p2km0b"}
{"level":"info","ts":"2026-05-21T19:53:08Z","logger":"GenericReconciler","msg":"Reconciliation loop has ended"}
{"level":"info","ts":"2026-05-21T19:54:08Z","logger":"GenericReconciler","msg":"Reconciliation loop has started"}
{"level":"debug","ts":"2026-05-21T19:54:08Z","logger":"GenericReconciler","msg":"apiResource","no":1,"Group":"apps","Version":"v1","Kind":"StatefulSet"}
{"level":"debug","ts":"2026-05-21T19:54:08Z","logger":"GenericReconciler","msg":"apiResource","no":2,"Group":"","Version":"v1","Kind":"Service"}
{"level":"debug","ts":"2026-05-21T19:54:08Z","logger":"GenericReconciler","msg":"apiResource","no":3,"Group":"networking.k8s.io","Version":"v1","Kind":"Ingress"}
{"level":"debug","ts":"2026-05-21T19:54:08Z","logger":"GenericReconciler","msg":"apiResource","no":4,"Group":"rbac.authorization.k8s.io","Version":"v1","Kind":"ClusterRoleBinding"}
{"level":"debug","ts":"2026-05-21T19:54:08Z","logger":"GenericReconciler","msg":"apiResource","no":5,"Group":"rbac.authorization.k8s.io","Version":"v1","Kind":"Role"}
{"level":"debug","ts":"2026-05-21T19:54:08Z","logger":"GenericReconciler","msg":"apiResource","no":6,"Group":"policy","Version":"v1","Kind":"PodDisruptionBudget"}
{"level":"debug","ts":"2026-05-21T19:54:08Z","logger":"GenericReconciler","msg":"apiResource","no":7,"Group":"apps","Version":"v1","Kind":"Deployment"}
{"level":"debug","ts":"2026-05-21T19:54:08Z","logger":"GenericReconciler","msg":"apiResource","no":8,"Group":"autoscaling","Version":"v1","Kind":"HorizontalPodAutoscaler"}
{"level":"debug","ts":"2026-05-21T19:54:08Z","logger":"GenericReconciler","msg":"apiResource","no":9,"Group":"","Version":"v1","Kind":"ServiceAccount"}
{"level":"debug","ts":"2026-05-21T19:54:08Z","logger":"GenericReconciler","msg":"apiResource","no":10,"Group":"networking.k8s.io","Version":"v1","Kind":"NetworkPolicy"}
{"level":"debug","ts":"2026-05-21T19:54:08Z","logger":"GenericReconciler","msg":"apiResource","no":11,"Group":"rbac.authorization.k8s.io","Version":"v1","Kind":"ClusterRole"}
{"level":"debug","ts":"2026-05-21T19:54:08Z","logger":"GenericReconciler","msg":"apiResource","no":12,"Group":"rbac.authorization.k8s.io","Version":"v1","Kind":"RoleBinding"}
{"level":"debug","ts":"2026-05-21T19:54:08Z","logger":"GenericReconciler","msg":"apiResource","no":13,"Group":"","Version":"v1","Kind":"PersistentVolumeClaim"}
{"level":"debug","ts":"2026-05-21T19:54:08Z","logger":"GenericReconciler","msg":"apiResource","no":14,"Group":"batch","Version":"v1","Kind":"CronJob"}
{"level":"debug","ts":"2026-05-21T19:54:08Z","logger":"GenericReconciler","msg":"apiResource","no":15,"Group":"batch","Version":"v1","Kind":"Job"}
{"level":"debug","ts":"2026-05-21T19:54:08Z","logger":"GenericReconciler","msg":"apiResource","no":16,"Group":"apps.openshift.io","Version":"v1","Kind":"DeploymentConfig"}
{"level":"debug","ts":"2026-05-21T19:54:08Z","logger":"GenericReconciler","msg":"apiResource","no":17,"Group":"apps","Version":"v1","Kind":"ReplicaSet"}
{"level":"debug","ts":"2026-05-21T19:54:08Z","logger":"GenericReconciler","msg":"apiResource","no":18,"Group":"","Version":"v1","Kind":"Pod"}
{"level":"debug","ts":"2026-05-21T19:54:08Z","logger":"GenericReconciler","msg":"apiResource","no":19,"Group":"","Version":"v1","Kind":"ReplicationController"}
{"level":"debug","ts":"2026-05-21T19:54:08Z","logger":"GenericReconciler","msg":"apiResource","no":20,"Group":"apps","Version":"v1","Kind":"DaemonSet"}
{"level":"info","ts":"2026-05-21T19:54:08Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-05-21T19:54:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"release-service","items":2,"labels":"control-plane=controller-manager,konflux.konflux-ci.dev/component=release,konflux.konflux-ci.dev/owner=konflux-release-service"}
{"level":"debug","ts":"2026-05-21T19:54:08Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"release-service"}
{"level":"debug","ts":"2026-05-21T19:54:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"release-service","items":6,"labels":"control-plane=controller-manager,pod-template-hash=6bfdb6bcb6"}
{"level":"debug","ts":"2026-05-21T19:54:08Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"release-service"}
{"level":"debug","ts":"2026-05-21T19:54:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"release-service","items":4,"labels":"app.kubernetes.io/managed-by=kustomize,app.kubernetes.io/name=test,control-plane=controller-manager,konflux.konflux-ci.dev/component=release,konflux.konflux-ci.dev/owner=konflux-release-service"}
{"level":"debug","ts":"2026-05-21T19:54:08Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"release-service"}
{"level":"debug","ts":"2026-05-21T19:54:08Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"release-service","items":5,"labels":"konflux.konflux-ci.dev/component=release,konflux.konflux-ci.dev/owner=konflux-release-service"}
{"level":"debug","ts":"2026-05-21T19:54:08Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"release-service"}
{"level":"info","ts":"2026-05-21T19:54:08Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"info","ts":"2026-05-21T19:54:08Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":4,"labels":"olm.managed=true"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tpa"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":1,"labels":"olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=tsf-tpa,olm.owner=rhtpa-operator.v1.1.4,olm.permissions.hash=89zmJTEa8x4dF5PYcd2jJAXBQdRMGCux5nsqKM,operators.coreos.com/rhtpa-operator.tsf-tpa="}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tpa"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":2,"labels":"app.kubernetes.io/component=database,app.kubernetes.io/instance=trustedprofileanalyzer,app.kubernetes.io/name=create-db,batch.kubernetes.io/controller-uid=a3bc34b6-a60d-4bc1-acfe-2996140f4765,batch.kubernetes.io/job-name=create-db,controller-uid=a3bc34b6-a60d-4bc1-acfe-2996140f4765,job-name=create-db"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-db","kind":"Job","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-db","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"job\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-db","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"job\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-db","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"job\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-db","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"job\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-db","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"job\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-db","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"job\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-db","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"job\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-db","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"job\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-db","kind":"Job","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-db","kind":"Job","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-db","kind":"Job","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"job\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-db","kind":"Job","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"job\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-db","kind":"Job","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"job\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":2,"labels":"app.kubernetes.io/component=database,app.kubernetes.io/instance=trustedprofileanalyzer,app.kubernetes.io/name=migrate-db,batch.kubernetes.io/controller-uid=6fb1e875-2fbd-4ede-ac44-c504c6e56a41,batch.kubernetes.io/job-name=migrate-db,controller-uid=6fb1e875-2fbd-4ede-ac44-c504c6e56a41,job-name=migrate-db"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"migrate-db","kind":"Job","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"migrate-db","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"job\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"migrate-db","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"job\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"migrate-db","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"job\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"migrate-db","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"job\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"migrate-db","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"job\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"migrate-db","kind":"Job","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"migrate-db","kind":"Job","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"migrate-db","kind":"Job","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"job\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"migrate-db","kind":"Job","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"job\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"migrate-db","kind":"Job","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"job\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":1,"labels":"app.kubernetes.io/instance=trustedprofileanalyzer,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=storage,app.kubernetes.io/part-of=trustify,app.kubernetes.io/version=2.2.4"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tpa"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":5,"labels":"control-plane=controller-manager,pod-template-hash=586cbb496b"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tpa"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":3,"labels":"app.kubernetes.io/managed-by=kustomize,app.kubernetes.io/name=rhtpa-operator,control-plane=controller-manager,olm.managed=true,operators.coreos.com/rhtpa-operator.tsf-tpa="}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tpa"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":2,"labels":"app.kubernetes.io/component=importer,app.kubernetes.io/instance=trustedprofileanalyzer,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=importer,app.kubernetes.io/part-of=trustify,app.kubernetes.io/version=2.2.4"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"service\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"service\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"service\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"importer","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"service\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":2,"labels":"app.kubernetes.io/managed-by=kustomize,app.kubernetes.io/name=rhtpa-operator,control-plane=controller-manager,olm.deployment-spec-hash=61NDiU2koxxLCzAl6gIAYLCVnf76UPkRYTqw81,olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=tsf-tpa,olm.owner=rhtpa-operator.v1.1.4,operators.coreos.com/rhtpa-operator.tsf-tpa="}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tpa"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":1,"labels":"app.kubernetes.io/component=database,app.kubernetes.io/instance=trustedprofileanalyzer,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=migrate-db,app.kubernetes.io/part-of=trustify,app.kubernetes.io/version=2.2.4"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tpa"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":1,"labels":"olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=tsf-tpa,olm.owner=rhtpa-operator.v1.1.4,olm.permissions.hash=aFImzaN7XMTLc0qsAWHiSsv2PNOJPMjP0l04oA,operators.coreos.com/rhtpa-operator.tsf-tpa="}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tpa"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":1,"labels":"type=importer-working-directory"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tpa"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":2,"labels":"app.kubernetes.io/component=database,app.kubernetes.io/instance=trustedprofileanalyzer,app.kubernetes.io/name=create-importers,batch.kubernetes.io/controller-uid=bf47e6ba-de1b-4f22-a718-a38d82249672,batch.kubernetes.io/job-name=create-importers,controller-uid=bf47e6ba-de1b-4f22-a718-a38d82249672,job-name=create-importers"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-importers","kind":"Job","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-importers","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"job\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-importers","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"job\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-importers","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"job\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-importers","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"job\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-importers","kind":"Job","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"job\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-importers","kind":"Job","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-importers","kind":"Job","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-importers","kind":"Job","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"job\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-importers","kind":"Job","validation":"unset-cpu-requirements","check_description":"Indicates when containers do not have CPU requests and limits set.","check_remediation":"Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"job\" has cpu request 0"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"create-importers","kind":"Job","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"job\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":5,"labels":"app.kubernetes.io/component=server,app.kubernetes.io/instance=trustedprofileanalyzer,app.kubernetes.io/name=server,pod-template-hash=598d99f679"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"service\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"service\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":5,"labels":"app.kubernetes.io/component=server,app.kubernetes.io/instance=trustedprofileanalyzer,app.kubernetes.io/name=server,pod-template-hash=94577c4f9"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"service\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"service\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":5,"labels":"app=tpa-pgsql-bee,phase=reference,pod-template-hash=5df6ff8bdf"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tpa"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":1,"labels":"app.kubernetes.io/component=database,app.kubernetes.io/instance=trustedprofileanalyzer,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=create-db,app.kubernetes.io/part-of=trustify,app.kubernetes.io/version=2.2.4"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tpa"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":3,"labels":"app.kubernetes.io/managed-by=Helm"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tpa"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":4,"labels":"app.kubernetes.io/component=importer,app.kubernetes.io/instance=trustedprofileanalyzer,app.kubernetes.io/name=importer,pod-template-hash=86bcdf477b"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tpa"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":5,"labels":"app.kubernetes.io/component=server,app.kubernetes.io/instance=trustedprofileanalyzer,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=server,app.kubernetes.io/part-of=trustify,app.kubernetes.io/version=2.2.4"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"run-as-non-root","check_description":"Indicates when containers are not set to runAsNonRoot.","check_remediation":"Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.","check_failure_reason":"container \"service\" is not set to runAsNonRoot"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"unset-memory-requirements","check_description":"Indicates when containers do not have memory requests and limits set.","check_remediation":"Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.","check_failure_reason":"container \"service\" has memory limit 0"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"dnsconfig-options","check_description":"Alert on deployments that have no specified dnsConfig options","check_remediation":"Specify dnsconfig options in your Pod specification to ensure the expected DNS setting on the Pod. Refer to https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for details.","check_failure_reason":"Object does not define any DNSConfig rules."}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"env-value-from","check_description":"Indicates when objects use a secret or configmap not included in the deployment.","check_remediation":"Change the name or key to match a secret / configmap in the deployment.","check_failure_reason":"The container \"service\" is referring to an unknown secret \"tpa-pgsql-user\""}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"minimum-three-replicas","check_description":"Indicates when a deployment uses less than three replicas","check_remediation":"Increase the number of replicas in the deployment to at least three to increase the fault tolerance of the deployment.","check_failure_reason":"object has 1 replica but minimum required replicas is 3"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"no-node-affinity","check_description":"Alert on deployments that have no node affinity defined","check_remediation":"Specify node-affinity in your pod specification to ensure that the orchestrator attempts to schedule replicas on specified nodes. Refer to https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity for details.","check_failure_reason":"object does not define any node affinity rules."}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"validationEngine","msg":"New Metric has been created","namespace":"tsf-tpa","object":"server","kind":"Deployment","validation":"non-isolated-pod","check_description":"Alert on deployment-like objects that are not selected by any NetworkPolicy.","check_remediation":"Ensure pod does not accept unsafe traffic by isolating it with a NetworkPolicy. See https://cloud.redhat.com/blog/guide-to-kubernetes-ingress-network-policies for more details.","check_failure_reason":"pods created by this object are non-isolated"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":1,"labels":"olm.managed=true,operators.coreos.com/rhtpa-operator.tsf-tpa="}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tpa"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tpa","items":1,"labels":"app.kubernetes.io/component=database,app.kubernetes.io/instance=trustedprofileanalyzer,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=create-importers,app.kubernetes.io/part-of=trustify,app.kubernetes.io/version=2.2.4"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tpa"}
{"level":"info","ts":"2026-05-21T19:54:09Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":5,"labels":"app.kubernetes.io/component=rekor-redis,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=rekor-redis,app.kubernetes.io/part-of=trusted-artifact-signer,pod-template-hash=54fbdd6fc6"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":5,"labels":"app.kubernetes.io/component=rekor-server,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=rekor-server,app.kubernetes.io/part-of=trusted-artifact-signer,pod-template-hash=76758ffb66"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":5,"labels":"app.kubernetes.io/component=fulcio,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=fulcio-server,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":5,"labels":"app.kubernetes.io/component=trillian-logserver,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=trillian-logserver,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":7,"labels":"app.kubernetes.io/component=trillian-logsigner,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=trillian-logsigner,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":3,"labels":"app.kubernetes.io/component=tuf,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=tuf-repository-init,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":5,"labels":"app.kubernetes.io/component=rekor-ui,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=rekor-search-ui,app.kubernetes.io/part-of=trusted-artifact-signer,pod-template-hash=77d75bc5d9"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":5,"labels":"app.kubernetes.io/component=trillian-db,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=trillian-db,app.kubernetes.io/part-of=trusted-artifact-signer,pod-template-hash=6856b5cb5b"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":5,"labels":"app.kubernetes.io/component=rekor-redis,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=rekor-redis,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":1,"labels":"app.kubernetes.io/component=segment-backup-installation,app.kubernetes.io/instance-namespace=tsf-tas,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=segment-backup-nightly-metrics,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":2,"labels":"batch.kubernetes.io/controller-uid=ad34665a-667b-449f-a803-667cab849e9e,batch.kubernetes.io/job-name=ctlog-createtree-job-9h8k2,controller-uid=ad34665a-667b-449f-a803-667cab849e9e,job-name=ctlog-createtree-job-9h8k2"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":5,"labels":"app.kubernetes.io/component=tuf,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=tuf,app.kubernetes.io/part-of=trusted-artifact-signer,pod-template-hash=97fc8ff76"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":1,"labels":"app.kubernetes.io/component=rekor-server,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=rekor,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":4,"labels":"app.kubernetes.io/component=createtree,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=rekor,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":1,"labels":"app.kubernetes.io/component=backfill-redis,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=backfill-redis,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":6,"labels":"app.kubernetes.io/component=rekor-server,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=rekor-server,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":7,"labels":"app.kubernetes.io/component=tuf,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=tuf,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":5,"labels":"app.kubernetes.io/component=fulcio,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=fulcio-server,app.kubernetes.io/part-of=trusted-artifact-signer,pod-template-hash=84ffc7d87c"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":2,"labels":"app.kubernetes.io/component=tuf,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=tuf-repository-init,app.kubernetes.io/part-of=trusted-artifact-signer,batch.kubernetes.io/controller-uid=901f5e0d-fef0-44a4-be85-d8f18a343f32,batch.kubernetes.io/job-name=tuf-repository-init-47sgc,controller-uid=901f5e0d-fef0-44a4-be85-d8f18a343f32,job-name=tuf-repository-init-47sgc,rhtas.redhat.com/resource=tuf"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":4,"labels":"app.kubernetes.io/component=createtree,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=ctlog,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":1,"labels":"app.kubernetes.io/component=fulcio,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=fulcio,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":1,"labels":"app.kubernetes.io/component=rekor-search-ui,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=rekor-ui,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":6,"labels":"app.kubernetes.io/component=trillian-db,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=trillian-db,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":2,"labels":"batch.kubernetes.io/controller-uid=18e28d6e-e122-4929-bbf9-ac1c797a9c70,batch.kubernetes.io/job-name=segment-backup-installation-qts55,controller-uid=18e28d6e-e122-4929-bbf9-ac1c797a9c70,job-name=segment-backup-installation-qts55"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":5,"labels":"app.kubernetes.io/component=trillian-logsigner,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=trillian-logsigner,app.kubernetes.io/part-of=trusted-artifact-signer,pod-template-hash=67c499f58f"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":2,"labels":"batch.kubernetes.io/controller-uid=72786fd8-d155-4ac5-9d87-12a809dee356,batch.kubernetes.io/job-name=rekor-createtree-job-4l8mc,controller-uid=72786fd8-d155-4ac5-9d87-12a809dee356,job-name=rekor-createtree-job-4l8mc"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":5,"labels":"app.kubernetes.io/component=trillian-logserver,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=trillian-logserver,app.kubernetes.io/part-of=trusted-artifact-signer,pod-template-hash=6ccd978ff4"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":5,"labels":"app.kubernetes.io/component=rekor-ui,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=rekor-search-ui,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":1,"labels":"app.kubernetes.io/component=tuf,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=tuf-repository-init,app.kubernetes.io/part-of=trusted-artifact-signer,rhtas.redhat.com/resource=tuf"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":5,"labels":"app.kubernetes.io/component=ctlog,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=ctlog,app.kubernetes.io/part-of=trusted-artifact-signer,pod-template-hash=855845d9b9"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":5,"labels":"app.kubernetes.io/component=ctlog,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=ctlog,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":1,"labels":"app.kubernetes.io/component=segment-backup-installation,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=segment-backup-installation,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"tsf-tas","items":1,"labels":"app.kubernetes.io/component=backfill-redis,app.kubernetes.io/instance=trusted-artifact-signer,app.kubernetes.io/managed-by=controller-manager,app.kubernetes.io/name=rekor-backfill,app.kubernetes.io/part-of=trusted-artifact-signer"}
{"level":"debug","ts":"2026-05-21T19:54:09Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"tsf-tas"}
{"level":"info","ts":"2026-05-21T19:54:10Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}
{"level":"debug","ts":"2026-05-21T19:54:10Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager-operator","items":2,"labels":"olm.managed=true"}
{"level":"debug","ts":"2026-05-21T19:54:10Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"cert-manager-operator"}
{"level":"debug","ts":"2026-05-21T19:54:10Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager-operator","items":1,"labels":"olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=cert-manager-operator,olm.owner=cert-manager-operator.v1.19.0,olm.permissions.hash=5BvcE6aNRl1kjQ4qoZiC75uAhCACnLI6hzXqiT,operators.coreos.com/openshift-cert-manager-operator.cert-manager-operator="}
{"level":"debug","ts":"2026-05-21T19:54:10Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"cert-manager-operator"}
{"level":"debug","ts":"2026-05-21T19:54:10Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager-operator","items":4,"labels":"name=cert-manager-operator,pod-template-hash=5b66478c58"}
{"level":"debug","ts":"2026-05-21T19:54:10Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"cert-manager-operator"}
{"level":"debug","ts":"2026-05-21T19:54:10Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager-operator","items":2,"labels":"app.kubernetes.io/created-by=cert-manager-operator,app.kubernetes.io/instance=controller-manager-metrics-service,app.kubernetes.io/managed-by=kustomize,app.kubernetes.io/name=service,app.kubernetes.io/part-of=cert-manager-operator,control-plane=controller-manager,olm.managed=true,operators.coreos.com/openshift-cert-manager-operator.cert-manager-operator="}
{"level":"debug","ts":"2026-05-21T19:54:10Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"cert-manager-operator"}
{"level":"debug","ts":"2026-05-21T19:54:10Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager-operator","items":1,"labels":"olm.managed=true,operators.coreos.com/openshift-cert-manager-operator.cert-manager-operator="}
{"level":"debug","ts":"2026-05-21T19:54:10Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"cert-manager-operator"}
{"level":"debug","ts":"2026-05-21T19:54:10Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager-operator","items":1,"labels":"app.kubernetes.io/component=manager,app.kubernetes.io/created-by=cert-manager-operator,app.kubernetes.io/instance=controller-manager,app.kubernetes.io/managed-by=kustomize,app.kubernetes.io/name=deployment,app.kubernetes.io/part-of=cert-manager-operator,olm.deployment-spec-hash=3sswK1i6h95ceYyTm9Y8NTcnSqHLcsB2WsCSCq,olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=cert-manager-operator,olm.owner=cert-manager-operator.v1.19.0,operators.coreos.com/openshift-cert-manager-operator.cert-manager-operator="}
{"level":"debug","ts":"2026-05-21T19:54:10Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"cert-manager-operator"}
{"level":"debug","ts":"2026-05-21T19:54:10Z","logger":"GenericReconciler","msg":"Reconciling Namespace Resources","ns":"cert-manager-operator","items":1,"labels":"olm.managed=true,olm.owner.kind=ClusterServiceVersion,olm.owner.namespace=cert-manager-operator,olm.owner=cert-manager-operator.v1.19.0,olm.permissions.hash=jFynzryran0Td5CUgJ3rwrkK6ZdYd35f5iILp,operators.coreos.com/openshift-cert-manager-operator.cert-manager-operator="}
{"level":"debug","ts":"2026-05-21T19:54:10Z","logger":"GenericReconciler","msg":"All objects are validated, ending loop","ns":"cert-manager-operator"}
{"level":"info","ts":"2026-05-21T19:54:10Z","msg":"apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+"}