KMM Build pod recreating continuously after patching kernel module signing public and private keys into module custom resource #1245
Description
I created a module custom resource to build the sample kernel module on Red hat Openshift cluster. Secure boot was enabled on the cluster nodes. But I had forgot to add signing details into the module CR. After creating module custom resource, KMM operator did create the build pod. Build pod completed successfully. It pushed the module image into the registry. But KMM worker pods could not load kernel module on the cluster nodes, as modules were not signed. Then I updated the module custom resource with signing secrets. After this KMM operator is continuously creating build pod even though build pod is completing successfully. and KMM signing pod remained in error state as it could not pull unsigned module image.
Steps to reproduce issue:
-
Create a Redhat Openshift cluster with nodes where secure boot is enabled.
-
Deploy KMM operator
-
Create a build config map.
apiVersion: v1
kind: ConfigMap
metadata:
name: kmm-ci-dockerfile
namespace: openshift-kmm
data:
dockerfile: |
ARG DTK_AUTO
FROM ${DTK_AUTO} as builder
ARG KERNEL_VERSION
WORKDIR /usr/src
RUN ["git", "clone", "https://github.com/rh-ecosystem-edge/kernel-module-management.git"]
WORKDIR /usr/src/kernel-module-management/ci/kmm-kmod
RUN KERNEL_SRC_DIR=/lib/modules/${KERNEL_VERSION}/build make all
FROM registry.redhat.io/ubi8/ubi-minimal
ARG KERNEL_VERSION
RUN microdnf install kmod
COPY --from=builder /usr/src/kernel-module-management/ci/kmm-kmod/kmm_ci_a.ko /opt/lib/modules/${KERNEL_VERSION}/
COPY --from=builder /usr/src/kernel-module-management/ci/kmm-kmod/kmm_ci_b.ko /opt/lib/modules/${KERNEL_VERSION}/
RUN depmod -b /opt ${KERNEL_VERSION}- Create module custom resource. Don't configure signing details.
apiVersion: kmm.sigs.x-k8s.io/v1beta1
kind: Module
metadata:
name: kmm-ci-a
namespace: openshift-kmm
spec:
imageRepoSecret:
name: quayio-secret
moduleLoader:
container:
modprobe:
moduleName: kmm-ci-a
kernelMappings:
- regexp: '^.*\.x86_64$'
containerImage: "quay.io/abc/sample-kmod:${KERNEL_FULL_VERSION}"
build:
dockerfileConfigMap:
name: kmm-ci-dockerfile
selector:
kubernetes.io/arch: amd64 - After steps 4, kmm builds and push module image into registry.
# oc get pods | grep kmm
kmm-ci-a-build-wzkxd-build 1/1 Running 0 13s
kmm-operator-controller-56c987b578-mdljw 1/1 Running 0 19h
kmm-operator-webhook-9b5c876fc-7mxff 1/1 Running 0 19hbuild pod logs:
# oc logs kmm-ci-a-build-wzkxd-build -f
Defaulted container "docker-build" out of: docker-build, manage-dockerfile (init)
time="2026-03-25T09:26:18Z" level=info msg="Not using native diff for overlay, this may cause degraded performance for building images: kernel has CONFIG_OVERLAY_FS_REDIRECT_DIR enabled"
I0325 09:26:18.689221 1 defaults.go:112] Defaulting to storage driver "overlay" with options [mountopt=metacopy=on].
Caching blobs under "/var/cache/blobs".
Pulling image quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c8a953f6b8b1aae24e2b99d1d8e03769462b3e420c585ace69019c460384a911 ...
Trying to pull quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c8a953f6b8b1aae24e2b99d1d8e03769462b3e420c585ace69019c460384a911...
Getting image source signatures
Copying blob sha256:7d50a628b31921823900ff4e2d47750b3bac92ac1f383a0bdd073e150cccbac7
Copying blob sha256:ed7c0beccfbff00ef302ccdf51b4e7930351c0b4107ad653ae001938e6496ae4
Copying blob sha256:25c75c34b2e2b68ba9245d9cddeb6b8a0887371ed30744064f85241a75704d87
Copying blob sha256:6e4c21d59357437fb68c020c5693d2bfaab020bdacde677919b0eb23c439f3b8
Copying config sha256:9499745dbdcdbd898025d23d24aa020eb762f5a78216523594890c99d73398f1
Writing manifest to image destination
Pulling image registry.redhat.io/ubi8/ubi-minimal ...
Trying to pull registry.redhat.io/ubi8/ubi-minimal:latest...
Getting image source signatures
Copying blob sha256:b1ca221713e1c030242ad8068cf989e40bba015abbf8907a2fb0a9208ad851c5
Copying config sha256:82406a650dcb9858e2a6553a1b4cb5e7a985e316ba85aa48c7c22cdf96aaee78
Writing manifest to image destination
Adding transient rw bind mount for /run/secrets/rhsm
Adding transient ro bind mount for /etc/pki/ca-trust
[1/2] STEP 1/6: FROM quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c8a953f6b8b1aae24e2b99d1d8e03769462b3e420c585ace69019c460384a911 AS builder
[1/2] STEP 2/6: ARG KERNEL_VERSION
--> f44dc65b5ae8
[1/2] STEP 3/6: WORKDIR /usr/src
--> da515d31bdc2
[1/2] STEP 4/6: RUN ["git","clone","https://github.com/rh-ecosystem-edge/kernel-module-management.git"]
Cloning into 'kernel-module-management'...
Updating files: 100% (6481/6481), done.
--> 87c764d4f3da
[1/2] STEP 5/6: WORKDIR /usr/src/kernel-module-management/ci/kmm-kmod
--> fda367f786dc
[1/2] STEP 6/6: RUN KERNEL_SRC_DIR=/lib/modules/${KERNEL_VERSION}/build make all
make -C /lib/modules/5.14.0-570.92.1.el9_6.x86_64/build M=/usr/src/kernel-module-management/ci/kmm-kmod modules
make[1]: Entering directory '/usr/src/kernels/5.14.0-570.92.1.el9_6.x86_64'
CC [M] /usr/src/kernel-module-management/ci/kmm-kmod/kmm_ci_a.o
CC [M] /usr/src/kernel-module-management/ci/kmm-kmod/kmm_ci_b.o
MODPOST /usr/src/kernel-module-management/ci/kmm-kmod/Module.symvers
CC [M] /usr/src/kernel-module-management/ci/kmm-kmod/kmm_ci_a.mod.o
LD [M] /usr/src/kernel-module-management/ci/kmm-kmod/kmm_ci_a.ko
BTF [M] /usr/src/kernel-module-management/ci/kmm-kmod/kmm_ci_a.ko
Skipping BTF generation for /usr/src/kernel-module-management/ci/kmm-kmod/kmm_ci_a.ko due to unavailability of vmlinux
CC [M] /usr/src/kernel-module-management/ci/kmm-kmod/kmm_ci_b.mod.o
LD [M] /usr/src/kernel-module-management/ci/kmm-kmod/kmm_ci_b.ko
BTF [M] /usr/src/kernel-module-management/ci/kmm-kmod/kmm_ci_b.ko
Skipping BTF generation for /usr/src/kernel-module-management/ci/kmm-kmod/kmm_ci_b.ko due to unavailability of vmlinux
make[1]: Leaving directory '/usr/src/kernels/5.14.0-570.92.1.el9_6.x86_64'
--> 5298ca22c4dc
[2/2] STEP 1/8: FROM registry.redhat.io/ubi8/ubi-minimal
[2/2] STEP 2/8: ARG KERNEL_VERSION
--> 37f28b06245c
[2/2] STEP 3/8: RUN microdnf install kmod
(microdnf:1): librhsm-WARNING **: 09:27:59.480: Found 0 entitlement certificates
(microdnf:1): librhsm-WARNING **: 09:27:59.483: Found 0 entitlement certificates
Downloading metadata...
Downloading metadata...
Downloading metadata...
Package Repository Size
Installing:
kmod-25-20.el8.x86_64 ubi-8-baseos-rpms 129.4 kB
Transaction Summary:
Installing: 1 packages
Reinstalling: 0 packages
Upgrading: 0 packages
Obsoleting: 0 packages
Removing: 0 packages
Downgrading: 0 packages
Downloading packages...
Running transaction test...
Installing: kmod;25-20.el8;x86_64;ubi-8-baseos-rpms
Complete.
--> 003614b56f88
[2/2] STEP 4/8: COPY --from=builder /usr/src/kernel-module-management/ci/kmm-kmod/kmm_ci_a.ko /opt/lib/modules/${KERNEL_VERSION}/
--> 787e9523a6d1
[2/2] STEP 5/8: COPY --from=builder /usr/src/kernel-module-management/ci/kmm-kmod/kmm_ci_b.ko /opt/lib/modules/${KERNEL_VERSION}/
--> d9dd9186a094
[2/2] STEP 6/8: RUN depmod -b /opt ${KERNEL_VERSION}
depmod: WARNING: could not open /opt/lib/modules/5.14.0-570.92.1.el9_6.x86_64/modules.order: No such file or directory
depmod: WARNING: could not open /opt/lib/modules/5.14.0-570.92.1.el9_6.x86_64/modules.builtin: No such file or directory
--> 6709b8febbe5
[2/2] STEP 7/8: ENV "OPENSHIFT_BUILD_NAME"="kmm-ci-a-build-wzkxd" "OPENSHIFT_BUILD_NAMESPACE"="openshift-kmm"
--> 40d1372c8f06
[2/2] STEP 8/8: LABEL "io.openshift.build.name"="kmm-ci-a-build-wzkxd" "io.openshift.build.namespace"="opemshift-kmm"
[2/2] COMMIT temp.builder.openshift.io/openshift-kmm/kmm-ci-a-build-wzkxd:2af5e659
--> f577fb9cf4c3
[Warning] one or more build args were not consumed: [KERNEL_FULL_VERSION MOD_NAME MOD_NAMESPACE]
Successfully tagged temp.builder.openshift.io/openshift-kmm/kmm-ci-a-build-wzkxd:2af5e659
f577fb9cf4c3809356ccf69a50352b3117f3d984cfc7d03a02ed00ffa40d6413
Pushing image quay.io/abc/sample-kmod:5.14.0-570.92.1.el9_6.x86_64 ...
Getting image source signatures
Copying blob sha256:f36fec78906a42be9c2dc01f53b5ad5e3078c1d323626f88e0ea5957d5629881
Copying blob sha256:b1ca221713e1c030242ad8068cf989e40bba015abbf8907a2fb0a9208ad851c5
Copying blob sha256:56d3008610ae6cb844bc8f65c91bb7520310064044e5c627e7c94389d36db69e
Copying blob sha256:010027d7684ad97ff756644a6092090fdb3a3768b2debfdc245247a38aedce35
Copying blob sha256:262614e52cc02b64d63bb61246bfb608bc090751cbdf2a6590497572c4082dc5
Copying config sha256:f577fb9cf4c3809356ccf69a50352b3117f3d984cfc7d03a02ed00ffa40d6413
Writing manifest to image destination
Successfully pushed quay.io/abc/sample-kmod@sha256:45b08b0a151d4a5ed8b919970d9df8047ec0010ff591fc9b200bb8c59a621f34
Push successful- But KMM worker pods failed to load kernel modules on cluster nodes as modules were not signed.
# oc get pods | grep kmm
kmm-operator-controller-56c987b578-mdljw 1/1 Running 0 19h
kmm-operator-webhook-9b5c876fc-7mxff 1/1 Running 0 19h
kmm-worker-master0.ocp1.vmlocal-kmm-ci-a 0/1 Error 1 (2s ago) 9s
kmm-worker-master1.ocp1.vmlocal-kmm-ci-a 0/1 Error 1 (3s ago) 10s
kmm-worker-master2.ocp1.vmlocal-kmm-ci-a 0/1 CrashLoopBackOff 1 (2s ago) 10s
kmm-worker-worker0.ocp1.vmlocal-kmm-ci-a 0/1 Error 1 (3s ago) 10s
kmm-worker-worker1.ocp1.vmlocal-kmm-ci-a 0/1 Error 1 (3s ago) 10s
kmm-worker-worker2.ocp1.vmlocal-kmm-ci-a 0/1 CrashLoopBackOff 1 (3s ago) 9s# oc logs kmm-worker-master0.ocp1.vmlocal-kmm-ci-a
Defaulted container "worker" out of: worker, image-extractor (init)
I0325 09:28:26.013229 1 funcs_kmod.go:12] "Starting worker" logger="kmm-worker" version="" git commit=""
I0325 09:28:26.013682 1 funcs_kmod.go:24] "Reading config" logger="kmm-worker" path="/etc/kmm-worker/config.yaml"
I0325 09:28:26.014299 1 modprobe.go:33] "Running modprobe" logger="kmm-worker" command="/usr/sbin/modprobe -vd /tmp/opt kmm-ci-a"
I0325 09:28:26.018371 1 cmdlog.go:70] "modprobe: ERROR: could not insert 'kmm_ci_a': Key was rejected by service" logger="kmm-worker.modprobe.stderr"
I0325 09:28:26.018476 1 cmdlog.go:70] "insmod /tmp/opt/lib/modules/5.14.0-570.92.1.el9_6.x86_64/kmm_ci_a.ko " logger="kmm-worker.modprobe.stdout"
E0325 09:28:26.018954 1 cmdutils.go:11] "Fatal error" err="error while waiting on the command: exit status 1" logger="kmm-worker"- Update module custom resource to include signing details. I had applied below yaml which include signing keys.
apiVersion: kmm.sigs.x-k8s.io/v1beta1
kind: Module
metadata:
name: kmm-ci-a
namespace: openshift-kmm
spec:
imageRepoSecret:
name: quayio-secret
moduleLoader:
container:
modprobe:
moduleName: kmm-ci-a
kernelMappings:
- regexp: '^.*\.x86_64$'
sign:
certSecret:
name: my-signing-key-pub
filesToSign:
- /opt/lib/modules/${KERNEL_FULL_VERSION}/kmm_ci_a.ko
keySecret:
name: my-signing-key
keySecret:
name: my-signing-key
containerImage: "quay.io/abc/sample-kmod:${KERNEL_FULL_VERSION}"
build:
dockerfileConfigMap:
name: kmm-ci-dockerfile
selector:
kubernetes.io/arch: amd64- After this, KMM build pod is recreating again and again even though build pod completes successfully. And kmm signing pod remained in error state as it could not pull unsigned module image.
# oc get pods | grep kmm
kmm-ci-a-build-qv9l4-build 1/1 Running 0 19s
kmm-ci-a-sign-tv4l7-build 0/1 Error 0 2m42s
kmm-operator-controller-56c987b578-mdljw 1/1 Running 0 20h
kmm-operator-webhook-9b5c876fc-7mxff 1/1 Running 0 20h
kmm-worker-master0.ocp1.vmlocal-kmm-ci-a 0/1 CrashLoopBackOff 8 (59s ago) 16m
kmm-worker-master1.ocp1.vmlocal-kmm-ci-a 0/1 CrashLoopBackOff 8 (47s ago) 16m
kmm-worker-master2.ocp1.vmlocal-kmm-ci-a 0/1 CrashLoopBackOff 8 (39s ago) 16m
kmm-worker-worker0.ocp1.vmlocal-kmm-ci-a 0/1 CrashLoopBackOff 8 (54s ago) 16m
kmm-worker-worker1.ocp1.vmlocal-kmm-ci-a 0/1 CrashLoopBackOff 8 (66s ago) 16m
kmm-worker-worker2.ocp1.vmlocal-kmm-ci-a 0/1 CrashLoopBackOff 8 (75s ago) 16m
[root@ocp1-helper sample-kmod]# # oc get pods | grep kmm
kmm-ci-a-build-w95tj-build 1/1 Running 0 82s
kmm-ci-a-sign-tv4l7-build 0/1 Error 0 5m44s
kmm-operator-controller-56c987b578-mdljw 1/1 Running 0 20h
kmm-operator-webhook-9b5c876fc-7mxff 1/1 Running 0 20h
kmm-worker-master0.ocp1.vmlocal-kmm-ci-a 0/1 CrashLoopBackOff 8 (4m1s ago) 19m
kmm-worker-master1.ocp1.vmlocal-kmm-ci-a 0/1 CrashLoopBackOff 8 (3m49s ago) 19m
kmm-worker-master2.ocp1.vmlocal-kmm-ci-a 0/1 CrashLoopBackOff 8 (3m41s ago) 19m
kmm-worker-worker0.ocp1.vmlocal-kmm-ci-a 0/1 CrashLoopBackOff 8 (3m56s ago) 19m
kmm-worker-worker1.ocp1.vmlocal-kmm-ci-a 0/1 CrashLoopBackOff 8 (4m8s ago) 19m
kmm-worker-worker2.ocp1.vmlocal-kmm-ci-a 0/1 CrashLoopBackOff 8 (4m17s ago) 19m
[root@ocp1-helper sample-kmod]# # oc get pods | grep kmm
kmm-ci-a-build-kfhc9-build 1/1 Running 0 30s
kmm-ci-a-sign-tv4l7-build 0/1 Error 0 59m
kmm-operator-controller-56c987b578-mdljw 1/1 Running 0 21h
kmm-operator-webhook-9b5c876fc-7mxff 1/1 Running 0 21h
kmm-worker-master0.ocp1.vmlocal-kmm-ci-a 0/1 CrashLoopBackOff 19 (99s ago) 73m
kmm-worker-master1.ocp1.vmlocal-kmm-ci-a 0/1 CrashLoopBackOff 19 (85s ago) 74m
kmm-worker-master2.ocp1.vmlocal-kmm-ci-a 0/1 CrashLoopBackOff 19 (84s ago) 74m
kmm-worker-worker0.ocp1.vmlocal-kmm-ci-a 0/1 CrashLoopBackOff 19 (95s ago) 74m
kmm-worker-worker1.ocp1.vmlocal-kmm-ci-a 0/1 CrashLoopBackOff 19 (105s ago) 74m
kmm-worker-worker2.ocp1.vmlocal-kmm-ci-a 0/1 CrashLoopBackOff 19 (2m4s ago) 73m
[root@ocp1-helper sample-kmod]# # oc get pods | grep kmm
kmm-ci-a-build-q6kpb-build 1/1 Running 0 103s
kmm-ci-a-sign-tv4l7-build 0/1 Error 0 118m
kmm-operator-controller-56c987b578-mdljw 1/1 Running 0 22h
kmm-operator-webhook-9b5c876fc-7mxff 1/1 Running 0 22h
kmm-worker-master0.ocp1.vmlocal-kmm-ci-a 0/1 CrashLoopBackOff 30 (4m26s ago) 132m
kmm-worker-master1.ocp1.vmlocal-kmm-ci-a 0/1 CrashLoopBackOff 30 (4m13s ago) 132m
kmm-worker-master2.ocp1.vmlocal-kmm-ci-a 0/1 CrashLoopBackOff 30 (4m13s ago) 132m
kmm-worker-worker0.ocp1.vmlocal-kmm-ci-a 0/1 CrashLoopBackOff 30 (4m21s ago) 132m
kmm-worker-worker1.ocp1.vmlocal-kmm-ci-a 0/1 CrashLoopBackOff 30 (4m33s ago) 132m
kmm-worker-worker2.ocp1.vmlocal-kmm-ci-a 0/1 CrashLoopBackOff 30 (4m32s ago) 132mMore info:
KMM operator version
# oc get csv
NAME DISPLAY VERSION REPLACES PHASE
kernel-module-management.v2.6.0 Kernel Module Management 2.6.0 kernel-module-management.v2.5.1 SucceededOpenshift version:
# oc version
Client Version: 4.21.3
Kustomize Version: v5.7.1
Server Version: 4.21.3
Kubernetes Version: v1.34.2KMM operator logs snippet:
I0325 11:41:39.453222 1 module_reconciler.go:124] "Starting Module reconciliation" logger="kmm" controller="ModuleReconciler" controllerGroup="kmm.sigs.x-k8s.io" controllerKind="Module" Module="openshift-kmm/kmm-ci-a" namespace="openshift-kmm" name="kmm-ci-a" reconcileID="a42369f6-b926-4b2e-9c89-cbfd5faa1dab"
I0325 11:41:39.453297 1 module_reconciler.go:562] "Handling NetworkPolicies" logger="kmm" controller="ModuleReconciler" controllerGroup="kmm.sigs.x-k8s.io" controllerKind="Module" Module="openshift-kmm/kmm-ci-a" name="kmm-ci-a" reconcileID="a42369f6-b926-4b2e-9c89-cbfd5faa1dab" module="kmm-ci-a" namespace="openshift-kmm"
I0325 11:41:39.453354 1 module_reconciler.go:582] "Successfully handled NetworkPolicies" logger="kmm" controller="ModuleReconciler" controllerGroup="kmm.sigs.x-k8s.io" controllerKind="Module" Module="openshift-kmm/kmm-ci-a" namespace="openshift-kmm" name="kmm-ci-a" reconcileID="a42369f6-b926-4b2e-9c89-cbfd5faa1dab"
I0325 11:41:39.454491 1 mic.go:75] "Applied MIC" logger="kmm" controller="ModuleReconciler" controllerGroup="kmm.sigs.x-k8s.io" controllerKind="Module" Module="openshift-kmm/kmm-ci-a" reconcileID="a42369f6-b926-4b2e-9c89-cbfd5faa1dab" name="kmm-ci-a" namespace="openshift-kmm" result="unchanged"
I0325 11:41:39.457886 1 job_gc_reconciler.go:44] "Releasing finalizer" logger="kmm" controller="JobGCReconciler" controllerGroup="build.openshift.io" controllerKind="Build" Build="openshift-kmm/kmm-ci-a-build-q6kpb" namespace="openshift-kmm" name="kmm-ci-a-build-q6kpb" reconcileID="0b2fffe1-7a1b-4a30-8eec-c8f5be0782b8"
I0325 11:41:39.458532 1 mbsc_reconciler.go:165] "Garbage-collected Build objects" logger="kmm" controller="MBSCReconciler" controllerGroup="kmm.sigs.x-k8s.io" controllerKind="ModuleBuildSignConfig" ModuleBuildSignConfig="openshift-kmm/kmm-ci-a" namespace="openshift-kmm" name="kmm-ci-a" reconcileID="2946b168-6859-4202-9629-b158657f58b4" names=["kmm-ci-a-build-q6kpb"]
I0325 11:41:39.458618 1 mbsc_reconciler.go:173] "Garbage-collected Sign objects" logger="kmm" controller="MBSCReconciler" controllerGroup="kmm.sigs.x-k8s.io" controllerKind="ModuleBuildSignConfig" ModuleBuildSignConfig="openshift-kmm/kmm-ci-a" namespace="openshift-kmm" name="kmm-ci-a" reconcileID="2946b168-6859-4202-9629-b158657f58b4" names=[]
I0325 11:41:39.469672 1 mic_reconciler.go:258] "mbsc status success and sign section exists, updating mic image to NeedsSigning" logger="kmm" controller="MICReconciler" controllerGroup="kmm.sigs.x-k8s.io" controllerKind="ModuleImagesConfig" ModuleImagesConfig="openshift-kmm/kmm-ci-a" namespace="openshift-kmm" name="kmm-ci-a" reconcileID="1fdf2141-7bd9-4d0b-add4-4bd58618ea54" mic name="kmm-ci-a"
I0325 11:41:39.471998 1 manager.go:77] "Building or Signing in-cluster" logger="kmm" controller="MBSCReconciler" controllerGroup="kmm.sigs.x-k8s.io" controllerKind="ModuleBuildSignConfig" ModuleBuildSignConfig="openshift-kmm/kmm-ci-a" namespace="openshift-kmm" name="kmm-ci-a" reconcileID="9eb11620-6d17-4b91-96d9-1f5bbe46b546"
I0325 11:41:39.474107 1 mbsc_reconciler.go:86] "run garbage collector for build/sign pods" logger="kmm" controller="MBSCReconciler" controllerGroup="kmm.sigs.x-k8s.io" controllerKind="ModuleBuildSignConfig" ModuleBuildSignConfig="openshift-kmm/kmm-ci-a" namespace="openshift-kmm" name="kmm-ci-a" reconcileID="9eb11620-6d17-4b91-96d9-1f5bbe46b546"
I0325 11:41:39.492144 1 mic_reconciler.go:258] "mbsc status success and sign section exists, updating mic image to NeedsSigning" logger="kmm" controller="MICReconciler" controllerGroup="kmm.sigs.x-k8s.io" controllerKind="ModuleImagesConfig" ModuleImagesConfig="openshift-kmm/kmm-ci-a" namespace="openshift-kmm" name="kmm-ci-a" reconcileID="3b05668a-5b6d-4a6d-a07c-f2e3c3bc19d3" mic name="kmm-ci-a"
I0325 11:41:39.493275 1 manager.go:138] "WARNING: failed to delete BuildImage resource kmm-ci-a-build-q6kpb in garbage collection: builds.build.openshift.io \"kmm-ci-a-build-q6kpb\" not found" logger="kmm" controller="MBSCReconciler" controllerGroup="kmm.sigs.x-k8s.io" controllerKind="ModuleBuildSignConfig" ModuleBuildSignConfig="openshift-kmm/kmm-ci-a" namespace="openshift-kmm" name="kmm-ci-a" reconcileID="9eb11620-6d17-4b91-96d9-1f5bbe46b546"
E0325 11:41:39.493356 1 controller.go:347] "Reconciler error" err="failed to run garbage collector for MBSC kmm-ci-a: could not garbage collect build objects: builds.build.openshift.io \"kmm-ci-a-build-q6kpb\" not found" logger="kmm" controller="MBSCReconciler" controllerGroup="kmm.sigs.x-k8s.io" controllerKind="ModuleBuildSignConfig" ModuleBuildSignConfig="openshift-kmm/kmm-ci-a" namespace="openshift-kmm" name="kmm-ci-a" reconcileID="9eb11620-6d17-4b91-96d9-1f5bbe46b546"
I0325 11:41:39.514653 1 manager.go:77] "Building or Signing in-cluster" logger="kmm" controller="MBSCReconciler" controllerGroup="kmm.sigs.x-k8s.io" controllerKind="ModuleBuildSignConfig" ModuleBuildSignConfig="openshift-kmm/kmm-ci-a" namespace="openshift-kmm" name="kmm-ci-a" reconcileID="e27c6fa6-5804-4a23-b24e-39f9b6a445cf"
I0325 11:41:39.515928 1 mic_reconciler.go:250] "mbsc status failed, updating mic image to DoesNotExist" logger="kmm" controller="MICReconciler" controllerGroup="kmm.sigs.x-k8s.io" controllerKind="ModuleImagesConfig" ModuleImagesConfig="openshift-kmm/kmm-ci-a" namespace="openshift-kmm" name="kmm-ci-a" reconcileID="dd2bc91f-f995-4255-98d6-58d6061d9d54" mic name="kmm-ci-a"
moduleimageconfig object
# oc get moduleimagesconfigs.kmm.sigs.x-k8s.io kmm-ci-a -oyaml
apiVersion: kmm.sigs.x-k8s.io/v1beta1
kind: ModuleImagesConfig
metadata:
creationTimestamp: "2026-03-25T09:26:13Z"
generation: 2
name: kmm-ci-a
namespace: openshift-kmm
ownerReferences:
- apiVersion: kmm.sigs.x-k8s.io/v1beta1
blockOwnerDeletion: true
controller: true
kind: Module
name: kmm-ci-a
uid: e44ec93c-4aa2-4bc1-8870-0b520d823bda
resourceVersion: "5724376"
uid: 69048794-869a-4f17-b68c-f46e506ee210
spec:
imagePullPolicy: ""
imageRepoSecret:
name: quayio-secret
images:
- build:
baseImageRegistryTLS: {}
dockerfileConfigMap:
name: kmm-ci-dockerfile
dirName: /opt
image: quay.io/abc/sample-kmod:5.14.0-570.92.1.el9_6.x86_64
kernelVersion: 5.14.0-570.92.1.el9_6.x86_64
registryTLS: {}
sign:
certSecret:
name: my-signing-key-pub
filesToSign:
- /opt/lib/modules/5.14.0-570.92.1.el9_6.x86_64/kmm_ci_a.ko
keySecret:
name: my-signing-key
unsignedImageRegistryTLS: {}
pushBuiltImage: true
status:
imagesStates:
- image: quay.io/abc/sample-kmod:5.14.0-570.92.1.el9_6.x86_64
status: DoesNotExist