diff --git a/applications/openshift/high-availability/control_plane_nodes_in_three_zones/rule.yml b/applications/openshift/high-availability/control_plane_nodes_in_three_zones/rule.yml
new file mode 100644
index 00000000000..e0f3c246d44
--- /dev/null
+++ b/applications/openshift/high-availability/control_plane_nodes_in_three_zones/rule.yml
@@ -0,0 +1,54 @@
+documentation_complete: true
+
+title: 'Ensure control plane / master nodes are distribute across three failure zones'
+
+description: |-
+ Distributing Kubernetes control plane nodes across failure zones enhances security by mitigating
+ the risk of a single point of failure and reducing the impact of API inavailability or attacks
+ targeting a specific zone. Maintaining three instances of etcd across different failure zones
+ ensures fault tolerance and enables the system to reach quorum, thereby safeguarding critical data
+ integrity and ensuring continued operation even in the event of zone failures.
+
+rationale: |-
+ Distributing Kubernetes control plane nodes across failure zones is crucial for enhancing overall
+ system resilience and security. By spreading control plane components across different zones,
+ the system becomes more fault-tolerant, reducing the risk of widespread outages due to failures or
+ attacks in a single zone. Having multiple instances of etcd spread across these zones ensures data
+ integrity and availability, as it requires a quorum of nodes to reach consensus.
+ With three zones, Kubernetes can achieve a quorum with a simple majority (i.e., two out of three)
+ for critical components like etcd, ensuring system stability even if one zone fails.
+ Failure zones are marked on nodes using a well-known label called "topology.kubernetes.io/zone".
+ This label is automatically assigned to each node by cloud providers but might need to be managed
+ manually in other environments
+
+identifiers: {}
+
+references:
+ bsi: APP.4.4.A19
+
+severity: medium
+
+ocil_clause: 'Kubernetes control plane not distributed across three failure zones'
+
+ocil: |-
+ Run the following command to determine the failure zones of the control plane nodes, indicated by
+ the label .
+ $ oc get nodes --selector "node-role.kubernetes.io/master" -o custom-columns='NAME:.metadata.name,ZONE:.metadata.labels.topology\.kubernetes\.io/zone'
+ Make sure that three distinct zones are listed.
+
+{{% set jqfilter = '.items | map(select(.metadata.labels["node-role.kubernetes.io/master"] == "") | .metadata.labels["topology.kubernetes.io/zone"]) | unique | length' %}}
+
+warnings:
+- general: |-
+ {{{ openshift_filtered_cluster_setting({'/api/v1/nodes': jqfilter}) | indent(4) }}}
+
+template:
+ name: yamlfile_value
+ vars:
+ ocp_data: "true"
+ filepath: |-
+ {{{ openshift_filtered_path('/api/v1/nodes', jqfilter) }}}
+ yamlpath: "$"
+ values:
+ - value: 3
+ type: int
diff --git a/applications/openshift/high-availability/control_plane_nodes_in_three_zones/tests/no_zones.fail.sh b/applications/openshift/high-availability/control_plane_nodes_in_three_zones/tests/no_zones.fail.sh
new file mode 100644
index 00000000000..4c33ced6783
--- /dev/null
+++ b/applications/openshift/high-availability/control_plane_nodes_in_three_zones/tests/no_zones.fail.sh
@@ -0,0 +1,301 @@
+#!/bin/bash
+# remediation = none
+# packages = jq
+
+kube_apipath="/kubernetes-api-resources"
+mkdir -p "$kube_apipath/api/v1"
+nodes_apipath="/api/v1/nodes"
+
+cat < "$kube_apipath$nodes_apipath"
+{
+ "apiVersion": "v1",
+ "items": [
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.6\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-control1.domain.local\",\"ip-addresses\":[\"172.10.57.6/24\"],\"ip-address\":\"172.10.57.6/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "aa52d871-d0a8-46ee-a9be-913fd34f7692",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.8/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.5.9\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.6/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.0.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/ssh": "accessed",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:23:02Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-control1.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/master": "",
+ "node.openshift.io/os_id": "rhcos"
+ },
+ "name": "ocp-control1.domain.local",
+ "resourceVersion": "1192119588",
+ "uid": "c0aa2f3d-71ed-428d-9d11-4824f0e914da"
+ },
+ "spec": {
+ "podCIDR": "10.128.0.0/24",
+ "podCIDRs": [
+ "10.128.0.0/24"
+ ],
+ "taints": [
+ {
+ "effect": "NoSchedule",
+ "key": "node-role.kubernetes.io/master"
+ }
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.6",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-control1.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "3500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "15252768Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "4",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "16403744Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.7\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-control2.domain.local\",\"ip-addresses\":[\"172.10.57.7/24\"],\"ip-address\":\"172.10.57.7/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "3d8ab0a6-17aa-4425-a989-e5f681672a6f",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.2/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.13.130\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.7/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.2.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/ssh": "accessed",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:24:11Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-control2.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/master": "",
+ "node.openshift.io/os_id": "rhcos"
+ },
+ "name": "ocp-control2.domain.local",
+ "resourceVersion": "1192119593",
+ "uid": "33735f94-a745-4d7d-8707-73df67cbc8e1"
+ },
+ "spec": {
+ "podCIDR": "10.128.1.0/24",
+ "podCIDRs": [
+ "10.128.1.0/24"
+ ],
+ "taints": [
+ {
+ "effect": "NoSchedule",
+ "key": "node-role.kubernetes.io/master"
+ }
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.7",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-control2.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "3500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-1Gi": "0",
+ "hugepages-2Mi": "0",
+ "memory": "15252816Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "4",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-1Gi": "0",
+ "hugepages-2Mi": "0",
+ "memory": "16403792Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.8\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-control3.domain.local\",\"ip-addresses\":[\"172.10.57.8/24\"],\"ip-address\":\"172.10.57.8/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "33908c13-7c84-44a8-a1ec-bcc0c7b9a363",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.3/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.9.205\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.8/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.4.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:25:24Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-control3.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/master": "",
+ "node.openshift.io/os_id": "rhcos"
+ },
+ "name": "ocp-control3.domain.local",
+ "resourceVersion": "1192117923",
+ "uid": "ffd0364a-b48d-4b53-bb69-47568e6511b5"
+ },
+ "spec": {
+ "podCIDR": "10.128.2.0/24",
+ "podCIDRs": [
+ "10.128.2.0/24"
+ ],
+ "taints": [
+ {
+ "effect": "NoSchedule",
+ "key": "node-role.kubernetes.io/master"
+ }
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.8",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-control3.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "3500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "15252768Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "4",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "16403744Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ }
+ ],
+ "kind": "List",
+ "metadata": {
+ "resourceVersion": ""
+ }
+}
+EOF
+
+jq_filter='.items | map(select(.metadata.labels["node-role.kubernetes.io/master"] == "") | .metadata.labels["topology.kubernetes.io/zone"]) | unique | length'
+
+# Get file path. This will actually be read by the scan
+filteredpath="$kube_apipath$nodes_apipath#$(echo -n "$nodes_apipath$jq_filter" | sha256sum | awk '{print $1}')"
+
+# populate filtered path with jq-filtered result
+jq "$jq_filter" "$kube_apipath$nodes_apipath" > "$filteredpath"
diff --git a/applications/openshift/high-availability/control_plane_nodes_in_three_zones/tests/ocp4/e2e.yml b/applications/openshift/high-availability/control_plane_nodes_in_three_zones/tests/ocp4/e2e.yml
new file mode 100644
index 00000000000..f426dc3d7ea
--- /dev/null
+++ b/applications/openshift/high-availability/control_plane_nodes_in_three_zones/tests/ocp4/e2e.yml
@@ -0,0 +1,2 @@
+---
+default_result: FAIL
diff --git a/applications/openshift/high-availability/control_plane_nodes_in_three_zones/tests/three_zones.pass.sh b/applications/openshift/high-availability/control_plane_nodes_in_three_zones/tests/three_zones.pass.sh
new file mode 100644
index 00000000000..f420968a150
--- /dev/null
+++ b/applications/openshift/high-availability/control_plane_nodes_in_three_zones/tests/three_zones.pass.sh
@@ -0,0 +1,307 @@
+#!/bin/bash
+# remediation = none
+# packages = jq
+
+kube_apipath="/kubernetes-api-resources"
+mkdir -p "$kube_apipath/api/v1"
+nodes_apipath="/api/v1/nodes"
+
+cat < "$kube_apipath$nodes_apipath"
+{
+ "apiVersion": "v1",
+ "items": [
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.6\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-control1.domain.local\",\"ip-addresses\":[\"172.10.57.6/24\"],\"ip-address\":\"172.10.57.6/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "aa52d871-d0a8-46ee-a9be-913fd34f7692",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.8/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.5.9\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.6/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.0.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/ssh": "accessed",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:23:02Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-control1.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/master": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1b"
+ },
+ "name": "ocp-control1.domain.local",
+ "resourceVersion": "1192119588",
+ "uid": "c0aa2f3d-71ed-428d-9d11-4824f0e914da"
+ },
+ "spec": {
+ "podCIDR": "10.128.0.0/24",
+ "podCIDRs": [
+ "10.128.0.0/24"
+ ],
+ "taints": [
+ {
+ "effect": "NoSchedule",
+ "key": "node-role.kubernetes.io/master"
+ }
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.6",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-control1.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "3500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "15252768Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "4",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "16403744Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.7\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-control2.domain.local\",\"ip-addresses\":[\"172.10.57.7/24\"],\"ip-address\":\"172.10.57.7/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "3d8ab0a6-17aa-4425-a989-e5f681672a6f",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.2/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.13.130\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.7/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.2.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/ssh": "accessed",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:24:11Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-control2.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/master": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1a"
+ },
+ "name": "ocp-control2.domain.local",
+ "resourceVersion": "1192119593",
+ "uid": "33735f94-a745-4d7d-8707-73df67cbc8e1"
+ },
+ "spec": {
+ "podCIDR": "10.128.1.0/24",
+ "podCIDRs": [
+ "10.128.1.0/24"
+ ],
+ "taints": [
+ {
+ "effect": "NoSchedule",
+ "key": "node-role.kubernetes.io/master"
+ }
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.7",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-control2.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "3500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-1Gi": "0",
+ "hugepages-2Mi": "0",
+ "memory": "15252816Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "4",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-1Gi": "0",
+ "hugepages-2Mi": "0",
+ "memory": "16403792Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.8\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-control3.domain.local\",\"ip-addresses\":[\"172.10.57.8/24\"],\"ip-address\":\"172.10.57.8/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "33908c13-7c84-44a8-a1ec-bcc0c7b9a363",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.3/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.9.205\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.8/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.4.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:25:24Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-control3.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/master": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1c"
+ },
+ "name": "ocp-control3.domain.local",
+ "resourceVersion": "1192117923",
+ "uid": "ffd0364a-b48d-4b53-bb69-47568e6511b5"
+ },
+ "spec": {
+ "podCIDR": "10.128.2.0/24",
+ "podCIDRs": [
+ "10.128.2.0/24"
+ ],
+ "taints": [
+ {
+ "effect": "NoSchedule",
+ "key": "node-role.kubernetes.io/master"
+ }
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.8",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-control3.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "3500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "15252768Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "4",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "16403744Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ }
+ ],
+ "kind": "List",
+ "metadata": {
+ "resourceVersion": ""
+ }
+}
+EOF
+
+jq_filter='.items | map(select(.metadata.labels["node-role.kubernetes.io/master"] == "") | .metadata.labels["topology.kubernetes.io/zone"]) | unique | length'
+
+# Get file path. This will actually be read by the scan
+filteredpath="$kube_apipath$nodes_apipath#$(echo -n "$nodes_apipath$jq_filter" | sha256sum | awk '{print $1}')"
+
+# populate filtered path with jq-filtered result
+jq "$jq_filter" "$kube_apipath$nodes_apipath" > "$filteredpath"
diff --git a/applications/openshift/high-availability/control_plane_nodes_in_three_zones/tests/two_nodes.fail.sh b/applications/openshift/high-availability/control_plane_nodes_in_three_zones/tests/two_nodes.fail.sh
new file mode 100644
index 00000000000..eb9e7fe9195
--- /dev/null
+++ b/applications/openshift/high-availability/control_plane_nodes_in_three_zones/tests/two_nodes.fail.sh
@@ -0,0 +1,215 @@
+#!/bin/bash
+# remediation = none
+# packages = jq
+
+kube_apipath="/kubernetes-api-resources"
+mkdir -p "$kube_apipath/api/v1"
+nodes_apipath="/api/v1/nodes"
+
+cat < "$kube_apipath$nodes_apipath"
+{
+ "apiVersion": "v1",
+ "items": [
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.6\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-control1.domain.local\",\"ip-addresses\":[\"172.10.57.6/24\"],\"ip-address\":\"172.10.57.6/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "aa52d871-d0a8-46ee-a9be-913fd34f7692",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.8/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.5.9\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.6/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.0.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/ssh": "accessed",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:23:02Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-control1.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/master": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1a"
+ },
+ "name": "ocp-control1.domain.local",
+ "resourceVersion": "1192119588",
+ "uid": "c0aa2f3d-71ed-428d-9d11-4824f0e914da"
+ },
+ "spec": {
+ "podCIDR": "10.128.0.0/24",
+ "podCIDRs": [
+ "10.128.0.0/24"
+ ],
+ "taints": [
+ {
+ "effect": "NoSchedule",
+ "key": "node-role.kubernetes.io/master"
+ }
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.6",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-control1.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "3500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "15252768Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "4",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "16403744Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.7\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-control2.domain.local\",\"ip-addresses\":[\"172.10.57.7/24\"],\"ip-address\":\"172.10.57.7/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "3d8ab0a6-17aa-4425-a989-e5f681672a6f",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.2/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.13.130\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.7/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.2.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/ssh": "accessed",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:24:11Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-control2.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/master": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1b"
+ },
+ "name": "ocp-control2.domain.local",
+ "resourceVersion": "1192119593",
+ "uid": "33735f94-a745-4d7d-8707-73df67cbc8e1"
+ },
+ "spec": {
+ "podCIDR": "10.128.1.0/24",
+ "podCIDRs": [
+ "10.128.1.0/24"
+ ],
+ "taints": [
+ {
+ "effect": "NoSchedule",
+ "key": "node-role.kubernetes.io/master"
+ }
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.7",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-control2.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "3500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-1Gi": "0",
+ "hugepages-2Mi": "0",
+ "memory": "15252816Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "4",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-1Gi": "0",
+ "hugepages-2Mi": "0",
+ "memory": "16403792Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ }
+ ],
+ "kind": "List",
+ "metadata": {
+ "resourceVersion": ""
+ }
+}
+EOF
+
+jq_filter='.items | map(select(.metadata.labels["node-role.kubernetes.io/master"] == "") | .metadata.labels["topology.kubernetes.io/zone"]) | unique | length'
+
+# Get file path. This will actually be read by the scan
+filteredpath="$kube_apipath$nodes_apipath#$(echo -n "$nodes_apipath$jq_filter" | sha256sum | awk '{print $1}')"
+
+# populate filtered path with jq-filtered result
+jq "$jq_filter" "$kube_apipath$nodes_apipath" > "$filteredpath"
diff --git a/applications/openshift/high-availability/control_plane_nodes_in_three_zones/tests/two_zones.fail.sh b/applications/openshift/high-availability/control_plane_nodes_in_three_zones/tests/two_zones.fail.sh
new file mode 100644
index 00000000000..dc96397aecd
--- /dev/null
+++ b/applications/openshift/high-availability/control_plane_nodes_in_three_zones/tests/two_zones.fail.sh
@@ -0,0 +1,307 @@
+#!/bin/bash
+# remediation = none
+# packages = jq
+
+kube_apipath="/kubernetes-api-resources"
+mkdir -p "$kube_apipath/api/v1"
+nodes_apipath="/api/v1/nodes"
+
+cat < "$kube_apipath$nodes_apipath"
+{
+ "apiVersion": "v1",
+ "items": [
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.6\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-control1.domain.local\",\"ip-addresses\":[\"172.10.57.6/24\"],\"ip-address\":\"172.10.57.6/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "aa52d871-d0a8-46ee-a9be-913fd34f7692",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.8/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.5.9\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.6/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.0.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/ssh": "accessed",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:23:02Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-control1.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/master": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1a"
+ },
+ "name": "ocp-control1.domain.local",
+ "resourceVersion": "1192119588",
+ "uid": "c0aa2f3d-71ed-428d-9d11-4824f0e914da"
+ },
+ "spec": {
+ "podCIDR": "10.128.0.0/24",
+ "podCIDRs": [
+ "10.128.0.0/24"
+ ],
+ "taints": [
+ {
+ "effect": "NoSchedule",
+ "key": "node-role.kubernetes.io/master"
+ }
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.6",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-control1.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "3500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "15252768Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "4",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "16403744Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.7\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-control2.domain.local\",\"ip-addresses\":[\"172.10.57.7/24\"],\"ip-address\":\"172.10.57.7/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "3d8ab0a6-17aa-4425-a989-e5f681672a6f",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.2/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.13.130\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.7/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.2.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/ssh": "accessed",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:24:11Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-control2.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/master": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1a"
+ },
+ "name": "ocp-control2.domain.local",
+ "resourceVersion": "1192119593",
+ "uid": "33735f94-a745-4d7d-8707-73df67cbc8e1"
+ },
+ "spec": {
+ "podCIDR": "10.128.1.0/24",
+ "podCIDRs": [
+ "10.128.1.0/24"
+ ],
+ "taints": [
+ {
+ "effect": "NoSchedule",
+ "key": "node-role.kubernetes.io/master"
+ }
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.7",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-control2.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "3500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-1Gi": "0",
+ "hugepages-2Mi": "0",
+ "memory": "15252816Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "4",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-1Gi": "0",
+ "hugepages-2Mi": "0",
+ "memory": "16403792Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.8\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-control3.domain.local\",\"ip-addresses\":[\"172.10.57.8/24\"],\"ip-address\":\"172.10.57.8/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "33908c13-7c84-44a8-a1ec-bcc0c7b9a363",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.3/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.9.205\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.8/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.4.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:25:24Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-control3.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/master": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1c"
+ },
+ "name": "ocp-control3.domain.local",
+ "resourceVersion": "1192117923",
+ "uid": "ffd0364a-b48d-4b53-bb69-47568e6511b5"
+ },
+ "spec": {
+ "podCIDR": "10.128.2.0/24",
+ "podCIDRs": [
+ "10.128.2.0/24"
+ ],
+ "taints": [
+ {
+ "effect": "NoSchedule",
+ "key": "node-role.kubernetes.io/master"
+ }
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.8",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-control3.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "3500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "15252768Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "4",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "16403744Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ }
+ ],
+ "kind": "List",
+ "metadata": {
+ "resourceVersion": ""
+ }
+}
+EOF
+
+jq_filter='.items | map(select(.metadata.labels["node-role.kubernetes.io/master"] == "") | .metadata.labels["topology.kubernetes.io/zone"]) | unique | length'
+
+# Get file path. This will actually be read by the scan
+filteredpath="$kube_apipath$nodes_apipath#$(echo -n "$nodes_apipath$jq_filter" | sha256sum | awk '{print $1}')"
+
+# populate filtered path with jq-filtered result
+jq "$jq_filter" "$kube_apipath$nodes_apipath" > "$filteredpath"
diff --git a/applications/openshift/high-availability/group.yml b/applications/openshift/high-availability/group.yml
new file mode 100644
index 00000000000..def8ee5a648
--- /dev/null
+++ b/applications/openshift/high-availability/group.yml
@@ -0,0 +1,6 @@
+documentation_complete: true
+
+
+title: 'OpenShift - High Availability Practices'
+
+description: 'Contains evaluations for practices to achieve high availability in an OpenShift environment.'
diff --git a/applications/openshift/high-availability/infra_nodes_in_two_zones_or_more/rule.yml b/applications/openshift/high-availability/infra_nodes_in_two_zones_or_more/rule.yml
new file mode 100644
index 00000000000..ece22dd411b
--- /dev/null
+++ b/applications/openshift/high-availability/infra_nodes_in_two_zones_or_more/rule.yml
@@ -0,0 +1,54 @@
+documentation_complete: true
+
+title: 'Ensure infrastructure nodes are distribute across three failure zones'
+
+description: |-
+ Distributing Kubernetes infrastructure nodes across failure zones enhances security by mitigating
+ the risk of a single point of failure and reducing the impact of infrastructure service
+ inavailability or attacks targeting a specific zone.
+
+rationale: |-
+ Distributing Kubernetes infrastructure nodes across failure zones is crucial for enhancing overall
+ system resilience and security. By spreading infrastructure components across different zones,
+ the system becomes more fault-tolerant, reducing the risk of widespread outages due to failures or
+ attacks in a single zone.
+ For infrastructure nodes, two failure zones are often deemed sufficient due to the nature of
+ infrastructure services, which typically don't rely on quorum-based applications like etcd.
+ Infrastructure services such as Ingress load balancers, logging or monitoring systems usually
+ operate independently across zones without requiring coordination for data consistency or failover.
+ Failure zones are marked on nodes using a well-known label called "topology.kubernetes.io/zone".
+ This label is automatically assigned to each node by cloud providers but might need to be managed
+ manually in other environments
+
+identifiers: {}
+
+references:
+ bsi: APP.4.4.A19
+
+severity: medium
+
+ocil_clause: 'Kubernetes infrastructure nodes not distributed across three failure zones'
+
+ocil: |-
+ Run the following command to determine the failure zones of the infrastructure nodes, indicated by
+ the label .
+ $ oc get nodes --selector "node-role.kubernetes.io/infra" -o custom-columns='NAME:.metadata.name,ZONE:.metadata.labels.topology\.kubernetes\.io/zone'
+ Make sure that three distinct zones are listed.
+
+{{% set jqfilter = '.items | map(select(.metadata.labels["node-role.kubernetes.io/infra"] == "") | .metadata.labels["topology.kubernetes.io/zone"]) | unique | length' %}}
+
+warnings:
+- general: |-
+ {{{ openshift_filtered_cluster_setting({'/api/v1/nodes': jqfilter}) | indent(4) }}}
+
+template:
+ name: yamlfile_value
+ vars:
+ ocp_data: "true"
+ filepath: |-
+ {{{ openshift_filtered_path('/api/v1/nodes', jqfilter) }}}
+ yamlpath: "$"
+ values:
+ - value: 2
+ type: int
+ operation: "greater than or equal"
diff --git a/applications/openshift/high-availability/infra_nodes_in_two_zones_or_more/tests/no_infra_nodes.pass.sh b/applications/openshift/high-availability/infra_nodes_in_two_zones_or_more/tests/no_infra_nodes.pass.sh
new file mode 100644
index 00000000000..b5e999296ab
--- /dev/null
+++ b/applications/openshift/high-availability/infra_nodes_in_two_zones_or_more/tests/no_infra_nodes.pass.sh
@@ -0,0 +1,669 @@
+#!/bin/bash
+# remediation = none
+# packages = jq
+
+kube_apipath="/kubernetes-api-resources"
+mkdir -p "$kube_apipath/api/v1"
+nodes_apipath="/api/v1/nodes"
+
+cat < "$kube_apipath$nodes_apipath"
+{
+ "apiVersion": "v1",
+ "items": [
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.6\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-control1.domain.local\",\"ip-addresses\":[\"172.10.57.6/24\"],\"ip-address\":\"172.10.57.6/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "aa52d871-d0a8-46ee-a9be-913fd34f7692",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.8/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.5.9\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.6/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.0.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/ssh": "accessed",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:23:02Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-control1.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/master": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1b"
+ },
+ "name": "ocp-control1.domain.local",
+ "resourceVersion": "1192119588",
+ "uid": "c0aa2f3d-71ed-428d-9d11-4824f0e914da"
+ },
+ "spec": {
+ "podCIDR": "10.128.0.0/24",
+ "podCIDRs": [
+ "10.128.0.0/24"
+ ],
+ "taints": [
+ {
+ "effect": "NoSchedule",
+ "key": "node-role.kubernetes.io/master"
+ }
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.6",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-control1.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "3500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "15252768Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "4",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "16403744Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.7\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-control2.domain.local\",\"ip-addresses\":[\"172.10.57.7/24\"],\"ip-address\":\"172.10.57.7/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "3d8ab0a6-17aa-4425-a989-e5f681672a6f",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.2/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.13.130\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.7/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.2.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/ssh": "accessed",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:24:11Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-control2.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/master": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1a"
+ },
+ "name": "ocp-control2.domain.local",
+ "resourceVersion": "1192119593",
+ "uid": "33735f94-a745-4d7d-8707-73df67cbc8e1"
+ },
+ "spec": {
+ "podCIDR": "10.128.1.0/24",
+ "podCIDRs": [
+ "10.128.1.0/24"
+ ],
+ "taints": [
+ {
+ "effect": "NoSchedule",
+ "key": "node-role.kubernetes.io/master"
+ }
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.7",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-control2.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "3500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-1Gi": "0",
+ "hugepages-2Mi": "0",
+ "memory": "15252816Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "4",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-1Gi": "0",
+ "hugepages-2Mi": "0",
+ "memory": "16403792Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.8\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-control3.domain.local\",\"ip-addresses\":[\"172.10.57.8/24\"],\"ip-address\":\"172.10.57.8/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "33908c13-7c84-44a8-a1ec-bcc0c7b9a363",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.3/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.9.205\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.8/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.4.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:25:24Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-control3.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/master": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1c"
+ },
+ "name": "ocp-control3.domain.local",
+ "resourceVersion": "1192117923",
+ "uid": "ffd0364a-b48d-4b53-bb69-47568e6511b5"
+ },
+ "spec": {
+ "podCIDR": "10.128.2.0/24",
+ "podCIDRs": [
+ "10.128.2.0/24"
+ ],
+ "taints": [
+ {
+ "effect": "NoSchedule",
+ "key": "node-role.kubernetes.io/master"
+ }
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.8",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-control3.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "3500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "15252768Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "4",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "16403744Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.11\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-worker1.domain.local\",\"ip-addresses\":[\"172.10.57.11/24\"],\"ip-address\":\"172.10.57.11/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "0777559e-2621-4da6-8d59-cc195de68507",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.4/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.6.62\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.11/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.10.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-worker-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-worker-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-worker-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-worker-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/ssh": "accessed",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:48:16Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-worker1.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/infra": "",
+ "node-role.kubernetes.io/worker": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1a"
+ },
+ "name": "ocp-worker1.domain.local",
+ "resourceVersion": "1192122216",
+ "uid": "1667ec5a-ca3d-4994-88bd-27da3644e338"
+ },
+ "spec": {
+ "podCIDR": "10.128.5.0/24",
+ "podCIDRs": [
+ "10.128.5.0/24"
+ ],
+ "taints": [
+ {
+ "effect": "NoSchedule",
+ "key": "node-role.kubernetes.io/infra"
+ }
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.11",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-worker1.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "5500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "19381080Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "6",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "20532056Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.12\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-worker2.domain.local\",\"ip-addresses\":[\"172.10.57.12/24\"],\"ip-address\":\"172.10.57.12/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "88f61c26-848b-41d9-a200-e393ba709895",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.5/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.4.62\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.12/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.8.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:48:12Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "cluster.ocs.openshift.io/openshift-storage": "",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-worker2.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/infra": "",
+ "node-role.kubernetes.io/worker": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1b"
+ },
+ "name": "ocp-worker2.domain.local",
+ "resourceVersion": "1192122353",
+ "uid": "bd56f83c-e625-4365-a838-47fa496b7d93"
+ },
+ "spec": {
+ "podCIDR": "10.128.4.0/24",
+ "podCIDRs": [
+ "10.128.4.0/24"
+ ],
+ "taints": [
+ {
+ "effect": "NoSchedule",
+ "key": "node-role.kubernetes.io/infra"
+ }
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.12",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-worker2.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "5500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "19381080Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "6",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "20532056Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.13\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-worker3.domain.local\",\"ip-addresses\":[\"172.10.57.13/24\"],\"ip-address\":\"172.10.57.13/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "5a10fb7b-89d4-4510-8389-0578093eddb1",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.6/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.8.180\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.13/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.6.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:47:56Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "cluster.ocs.openshift.io/openshift-storage": "",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-worker3.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/infra": "",
+ "node-role.kubernetes.io/worker": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1c"
+ },
+ "name": "ocp-worker3.domain.local",
+ "resourceVersion": "1192119492",
+ "uid": "65395ca7-8181-4a0b-95cf-128922f105f5"
+ },
+ "spec": {
+ "podCIDR": "10.128.3.0/24",
+ "podCIDRs": [
+ "10.128.3.0/24"
+ ],
+ "taints": [
+ {
+ "effect": "NoSchedule",
+ "key": "node-role.kubernetes.io/infra"
+ }
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.13",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-worker3.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "5500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "19381096Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "6",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "20532072Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.15\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-worker4.domain.local\",\"ip-addresses\":[\"172.10.57.15/24\"],\"ip-address\":\"172.10.57.15/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "6877fce2-e6aa-43ae-817d-ed85e451a463",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.7/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.5.179\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.15/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.12.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-14T07:25:59Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "cluster.ocs.openshift.io/openshift-storage": "",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-worker4.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/worker": "",
+ "node.openshift.io/os_id": "rhcos"
+ },
+ "name": "ocp-worker4.domain.local",
+ "resourceVersion": "1192119420",
+ "uid": "6e993021-17e9-4945-9c46-65e60c90c65a"
+ },
+ "spec": {},
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.15",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-worker4.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "5500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "19381080Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "6",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "20532056Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ }
+ ],
+ "kind": "List",
+ "metadata": {
+ "resourceVersion": ""
+ }
+}
+EOF
+
+jq_filter='.items | map(select(.metadata.labels["node-role.kubernetes.io/infra"] == "") | .metadata.labels["topology.kubernetes.io/zone"]) | unique | length'
+
+# Get file path. This will actually be read by the scan
+filteredpath="$kube_apipath$nodes_apipath#$(echo -n "$nodes_apipath$jq_filter" | sha256sum | awk '{print $1}')"
+
+# populate filtered path with jq-filtered result
+jq "$jq_filter" "$kube_apipath$nodes_apipath" > "$filteredpath"
diff --git a/applications/openshift/high-availability/infra_nodes_in_two_zones_or_more/tests/ocp4/e2e.yml b/applications/openshift/high-availability/infra_nodes_in_two_zones_or_more/tests/ocp4/e2e.yml
new file mode 100644
index 00000000000..f426dc3d7ea
--- /dev/null
+++ b/applications/openshift/high-availability/infra_nodes_in_two_zones_or_more/tests/ocp4/e2e.yml
@@ -0,0 +1,2 @@
+---
+default_result: FAIL
diff --git a/applications/openshift/high-availability/infra_nodes_in_two_zones_or_more/tests/one_zone.fail.sh b/applications/openshift/high-availability/infra_nodes_in_two_zones_or_more/tests/one_zone.fail.sh
new file mode 100644
index 00000000000..dbb65d687a6
--- /dev/null
+++ b/applications/openshift/high-availability/infra_nodes_in_two_zones_or_more/tests/one_zone.fail.sh
@@ -0,0 +1,669 @@
+#!/bin/bash
+# remediation = none
+# packages = jq
+
+kube_apipath="/kubernetes-api-resources"
+mkdir -p "$kube_apipath/api/v1"
+nodes_apipath="/api/v1/nodes"
+
+cat < "$kube_apipath$nodes_apipath"
+{
+ "apiVersion": "v1",
+ "items": [
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.6\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-control1.domain.local\",\"ip-addresses\":[\"172.10.57.6/24\"],\"ip-address\":\"172.10.57.6/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chasskubernetes.io/hostnameis-id": "aa52d871-d0a8-46ee-a9be-913fd34f7692",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.8/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.5.9\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.6/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.0.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/ssh": "accessed",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:23:02Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-control1.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/master": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1b"
+ },
+ "name": "ocp-control1.domain.local",
+ "resourceVersion": "1192119588",
+ "uid": "c0aa2f3d-71ed-428d-9d11-4824f0e914da"
+ },
+ "spec": {
+ "podCIDR": "10.128.0.0/24",
+ "podCIDRs": [
+ "10.128.0.0/24"
+ ],
+ "taints": [
+ {
+ "effect": "NoSchedule",
+ "key": "node-role.kubernetes.io/master"
+ }
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.6",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-control1.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "3500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "15252768Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "4",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "16403744Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.7\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-control2.domain.local\",\"ip-addresses\":[\"172.10.57.7/24\"],\"ip-address\":\"172.10.57.7/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "3d8ab0a6-17aa-4425-a989-e5f681672a6f",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.2/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.13.130\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.7/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.2.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/ssh": "accessed",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:24:11Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-control2.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/master": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1a"
+ },
+ "name": "ocp-control2.domain.local",
+ "resourceVersion": "1192119593",
+ "uid": "33735f94-a745-4d7d-8707-73df67cbc8e1"
+ },
+ "spec": {
+ "podCIDR": "10.128.1.0/24",
+ "podCIDRs": [
+ "10.128.1.0/24"
+ ],
+ "taints": [
+ {
+ "effect": "NoSchedule",
+ "key": "node-role.kubernetes.io/master"
+ }
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.7",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-control2.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "3500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-1Gi": "0",
+ "hugepages-2Mi": "0",
+ "memory": "15252816Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "4",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-1Gi": "0",
+ "hugepages-2Mi": "0",
+ "memory": "16403792Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.8\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-control3.domain.local\",\"ip-addresses\":[\"172.10.57.8/24\"],\"ip-address\":\"172.10.57.8/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "33908c13-7c84-44a8-a1ec-bcc0c7b9a363",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.3/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.9.205\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.8/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.4.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:25:24Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-control3.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/master": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1c"
+ },
+ "name": "ocp-control3.domain.local",
+ "resourceVersion": "1192117923",
+ "uid": "ffd0364a-b48d-4b53-bb69-47568e6511b5"
+ },
+ "spec": {
+ "podCIDR": "10.128.2.0/24",
+ "podCIDRs": [
+ "10.128.2.0/24"
+ ],
+ "taints": [
+ {
+ "effect": "NoSchedule",
+ "key": "node-role.kubernetes.io/master"
+ }
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.8",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-control3.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "3500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "15252768Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "4",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "16403744Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.11\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-worker1.domain.local\",\"ip-addresses\":[\"172.10.57.11/24\"],\"ip-address\":\"172.10.57.11/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "0777559e-2621-4da6-8d59-cc195de68507",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.4/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.6.62\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.11/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.10.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-worker-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-worker-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-worker-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-worker-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/ssh": "accessed",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:48:16Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-worker1.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/infra": "",
+ "node-role.kubernetes.io/worker": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1a"
+ },
+ "name": "ocp-worker1.domain.local",
+ "resourceVersion": "1192122216",
+ "uid": "1667ec5a-ca3d-4994-88bd-27da3644e338"
+ },
+ "spec": {
+ "podCIDR": "10.128.5.0/24",
+ "podCIDRs": [
+ "10.128.5.0/24"
+ ],
+ "taints": [
+ {
+ "effect": "NoSchedule",
+ "key": "node-role.kubernetes.io/infra"
+ }
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.11",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-worker1.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "5500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "19381080Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "6",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "20532056Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.12\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-worker2.domain.local\",\"ip-addresses\":[\"172.10.57.12/24\"],\"ip-address\":\"172.10.57.12/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "88f61c26-848b-41d9-a200-e393ba709895",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.5/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.4.62\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.12/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.8.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:48:12Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "cluster.ocs.openshift.io/openshift-storage": "",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-worker2.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/infra": "",
+ "node-role.kubernetes.io/worker": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1a"
+ },
+ "name": "ocp-worker2.domain.local",
+ "resourceVersion": "1192122353",
+ "uid": "bd56f83c-e625-4365-a838-47fa496b7d93"
+ },
+ "spec": {
+ "podCIDR": "10.128.4.0/24",
+ "podCIDRs": [
+ "10.128.4.0/24"
+ ],
+ "taints": [
+ {
+ "effect": "NoSchedule",
+ "key": "node-role.kubernetes.io/infra"
+ }
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.12",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-worker2.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "5500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "19381080Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "6",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "20532056Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.13\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-worker3.domain.local\",\"ip-addresses\":[\"172.10.57.13/24\"],\"ip-address\":\"172.10.57.13/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "5a10fb7b-89d4-4510-8389-0578093eddb1",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.6/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.8.180\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.13/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.6.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:47:56Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "cluster.ocs.openshift.io/openshift-storage": "",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-worker3.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/infra": "",
+ "node-role.kubernetes.io/worker": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1a"
+ },
+ "name": "ocp-worker3.domain.local",
+ "resourceVersion": "1192119492",
+ "uid": "65395ca7-8181-4a0b-95cf-128922f105f5"
+ },
+ "spec": {
+ "podCIDR": "10.128.3.0/24",
+ "podCIDRs": [
+ "10.128.3.0/24"
+ ],
+ "taints": [
+ {
+ "effect": "NoSchedule",
+ "key": "node-role.kubernetes.io/infra"
+ }
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.13",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-worker3.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "5500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "19381096Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "6",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "20532072Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.15\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-worker4.domain.local\",\"ip-addresses\":[\"172.10.57.15/24\"],\"ip-address\":\"172.10.57.15/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "6877fce2-e6aa-43ae-817d-ed85e451a463",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.7/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.5.179\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.15/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.12.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-14T07:25:59Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "cluster.ocs.openshift.io/openshift-storage": "",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-worker4.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/worker": "",
+ "node.openshift.io/os_id": "rhcos"
+ },
+ "name": "ocp-worker4.domain.local",
+ "resourceVersion": "1192119420",
+ "uid": "6e993021-17e9-4945-9c46-65e60c90c65a"
+ },
+ "spec": {},
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.15",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-worker4.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "5500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "19381080Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "6",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "20532056Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ }
+ ],
+ "kind": "List",
+ "metadata": {
+ "resourceVersion": ""
+ }
+}
+EOF
+
+jq_filter='.items | map(select(.metadata.labels["node-role.kubernetes.io/infra"] == "") | .metadata.labels["topology.kubernetes.io/zone"]) | unique | length'
+
+# Get file path. This will actually be read by the scan
+filteredpath="$kube_apipath$nodes_apipath#$(echo -n "$nodes_apipath$jq_filter" | sha256sum | awk '{print $1}')"
+
+# populate filtered path with jq-filtered result
+jq "$jq_filter" "$kube_apipath$nodes_apipath" > "$filteredpath"
diff --git a/applications/openshift/high-availability/infra_nodes_in_two_zones_or_more/tests/three_zones.pass.sh b/applications/openshift/high-availability/infra_nodes_in_two_zones_or_more/tests/three_zones.pass.sh
new file mode 100644
index 00000000000..343e92f3c0c
--- /dev/null
+++ b/applications/openshift/high-availability/infra_nodes_in_two_zones_or_more/tests/three_zones.pass.sh
@@ -0,0 +1,669 @@
+#!/bin/bash
+# remediation = none
+# packages = jq
+
+kube_apipath="/kubernetes-api-resources"
+mkdir -p "$kube_apipath/api/v1"
+nodes_apipath="/api/v1/nodes"
+
+cat < "$kube_apipath$nodes_apipath"
+{
+ "apiVersion": "v1",
+ "items": [
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.6\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-control1.domain.local\",\"ip-addresses\":[\"172.10.57.6/24\"],\"ip-address\":\"172.10.57.6/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chasskubernetes.io/hostnameis-id": "aa52d871-d0a8-46ee-a9be-913fd34f7692",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.8/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.5.9\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.6/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.0.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/ssh": "accessed",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:23:02Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-control1.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/master": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1b"
+ },
+ "name": "ocp-control1.domain.local",
+ "resourceVersion": "1192119588",
+ "uid": "c0aa2f3d-71ed-428d-9d11-4824f0e914da"
+ },
+ "spec": {
+ "podCIDR": "10.128.0.0/24",
+ "podCIDRs": [
+ "10.128.0.0/24"
+ ],
+ "taints": [
+ {
+ "effect": "NoSchedule",
+ "key": "node-role.kubernetes.io/master"
+ }
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.6",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-control1.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "3500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "15252768Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "4",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "16403744Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.7\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-control2.domain.local\",\"ip-addresses\":[\"172.10.57.7/24\"],\"ip-address\":\"172.10.57.7/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "3d8ab0a6-17aa-4425-a989-e5f681672a6f",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.2/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.13.130\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.7/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.2.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/ssh": "accessed",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:24:11Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-control2.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/master": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1a"
+ },
+ "name": "ocp-control2.domain.local",
+ "resourceVersion": "1192119593",
+ "uid": "33735f94-a745-4d7d-8707-73df67cbc8e1"
+ },
+ "spec": {
+ "podCIDR": "10.128.1.0/24",
+ "podCIDRs": [
+ "10.128.1.0/24"
+ ],
+ "taints": [
+ {
+ "effect": "NoSchedule",
+ "key": "node-role.kubernetes.io/master"
+ }
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.7",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-control2.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "3500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-1Gi": "0",
+ "hugepages-2Mi": "0",
+ "memory": "15252816Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "4",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-1Gi": "0",
+ "hugepages-2Mi": "0",
+ "memory": "16403792Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.8\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-control3.domain.local\",\"ip-addresses\":[\"172.10.57.8/24\"],\"ip-address\":\"172.10.57.8/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "33908c13-7c84-44a8-a1ec-bcc0c7b9a363",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.3/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.9.205\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.8/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.4.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:25:24Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-control3.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/master": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1c"
+ },
+ "name": "ocp-control3.domain.local",
+ "resourceVersion": "1192117923",
+ "uid": "ffd0364a-b48d-4b53-bb69-47568e6511b5"
+ },
+ "spec": {
+ "podCIDR": "10.128.2.0/24",
+ "podCIDRs": [
+ "10.128.2.0/24"
+ ],
+ "taints": [
+ {
+ "effect": "NoSchedule",
+ "key": "node-role.kubernetes.io/master"
+ }
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.8",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-control3.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "3500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "15252768Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "4",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "16403744Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.11\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-worker1.domain.local\",\"ip-addresses\":[\"172.10.57.11/24\"],\"ip-address\":\"172.10.57.11/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "0777559e-2621-4da6-8d59-cc195de68507",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.4/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.6.62\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.11/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.10.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-worker-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-worker-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-worker-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-worker-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/ssh": "accessed",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:48:16Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-worker1.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/infra": "",
+ "node-role.kubernetes.io/worker": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1a"
+ },
+ "name": "ocp-worker1.domain.local",
+ "resourceVersion": "1192122216",
+ "uid": "1667ec5a-ca3d-4994-88bd-27da3644e338"
+ },
+ "spec": {
+ "podCIDR": "10.128.5.0/24",
+ "podCIDRs": [
+ "10.128.5.0/24"
+ ],
+ "taints": [
+ {
+ "effect": "NoSchedule",
+ "key": "node-role.kubernetes.io/infra"
+ }
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.11",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-worker1.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "5500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "19381080Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "6",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "20532056Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.12\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-worker2.domain.local\",\"ip-addresses\":[\"172.10.57.12/24\"],\"ip-address\":\"172.10.57.12/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "88f61c26-848b-41d9-a200-e393ba709895",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.5/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.4.62\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.12/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.8.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:48:12Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "cluster.ocs.openshift.io/openshift-storage": "",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-worker2.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/infra": "",
+ "node-role.kubernetes.io/worker": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1b"
+ },
+ "name": "ocp-worker2.domain.local",
+ "resourceVersion": "1192122353",
+ "uid": "bd56f83c-e625-4365-a838-47fa496b7d93"
+ },
+ "spec": {
+ "podCIDR": "10.128.4.0/24",
+ "podCIDRs": [
+ "10.128.4.0/24"
+ ],
+ "taints": [
+ {
+ "effect": "NoSchedule",
+ "key": "node-role.kubernetes.io/infra"
+ }
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.12",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-worker2.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "5500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "19381080Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "6",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "20532056Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.13\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-worker3.domain.local\",\"ip-addresses\":[\"172.10.57.13/24\"],\"ip-address\":\"172.10.57.13/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "5a10fb7b-89d4-4510-8389-0578093eddb1",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.6/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.8.180\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.13/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.6.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:47:56Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "cluster.ocs.openshift.io/openshift-storage": "",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-worker3.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/infra": "",
+ "node-role.kubernetes.io/worker": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1c"
+ },
+ "name": "ocp-worker3.domain.local",
+ "resourceVersion": "1192119492",
+ "uid": "65395ca7-8181-4a0b-95cf-128922f105f5"
+ },
+ "spec": {
+ "podCIDR": "10.128.3.0/24",
+ "podCIDRs": [
+ "10.128.3.0/24"
+ ],
+ "taints": [
+ {
+ "effect": "NoSchedule",
+ "key": "node-role.kubernetes.io/infra"
+ }
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.13",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-worker3.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "5500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "19381096Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "6",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "20532072Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.15\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-worker4.domain.local\",\"ip-addresses\":[\"172.10.57.15/24\"],\"ip-address\":\"172.10.57.15/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "6877fce2-e6aa-43ae-817d-ed85e451a463",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.7/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.5.179\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.15/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.12.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-14T07:25:59Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "cluster.ocs.openshift.io/openshift-storage": "",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-worker4.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/worker": "",
+ "node.openshift.io/os_id": "rhcos"
+ },
+ "name": "ocp-worker4.domain.local",
+ "resourceVersion": "1192119420",
+ "uid": "6e993021-17e9-4945-9c46-65e60c90c65a"
+ },
+ "spec": {},
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.15",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-worker4.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "5500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "19381080Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "6",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "20532056Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ }
+ ],
+ "kind": "List",
+ "metadata": {
+ "resourceVersion": ""
+ }
+}
+EOF
+
+jq_filter='.items | map(select(.metadata.labels["node-role.kubernetes.io/infra"] == "") | .metadata.labels["topology.kubernetes.io/zone"]) | unique | length'
+
+# Get file path. This will actually be read by the scan
+filteredpath="$kube_apipath$nodes_apipath#$(echo -n "$nodes_apipath$jq_filter" | sha256sum | awk '{print $1}')"
+
+# populate filtered path with jq-filtered result
+jq "$jq_filter" "$kube_apipath$nodes_apipath" > "$filteredpath"
diff --git a/applications/openshift/general/multiple_nodes_in_every_role/rule.yml b/applications/openshift/high-availability/multiple_nodes_in_every_role/rule.yml
similarity index 100%
rename from applications/openshift/general/multiple_nodes_in_every_role/rule.yml
rename to applications/openshift/high-availability/multiple_nodes_in_every_role/rule.yml
diff --git a/applications/openshift/general/multiple_nodes_in_every_role/tests/master_infra_three_nodes.pass.sh b/applications/openshift/high-availability/multiple_nodes_in_every_role/tests/master_infra_three_nodes.pass.sh
similarity index 99%
rename from applications/openshift/general/multiple_nodes_in_every_role/tests/master_infra_three_nodes.pass.sh
rename to applications/openshift/high-availability/multiple_nodes_in_every_role/tests/master_infra_three_nodes.pass.sh
index c6ee47e2529..9691ae01646 100644
--- a/applications/openshift/general/multiple_nodes_in_every_role/tests/master_infra_three_nodes.pass.sh
+++ b/applications/openshift/high-availability/multiple_nodes_in_every_role/tests/master_infra_three_nodes.pass.sh
@@ -1,7 +1,6 @@
#!/bin/bash
# remediation = none
-
-yum install -y jq
+# packages = jq
kube_apipath="/kubernetes-api-resources"
mkdir -p "$kube_apipath/apis/machineconfiguration.openshift.io/v1"
diff --git a/applications/openshift/general/multiple_nodes_in_every_role/tests/ocp4/e2e.yml b/applications/openshift/high-availability/multiple_nodes_in_every_role/tests/ocp4/e2e.yml
similarity index 100%
rename from applications/openshift/general/multiple_nodes_in_every_role/tests/ocp4/e2e.yml
rename to applications/openshift/high-availability/multiple_nodes_in_every_role/tests/ocp4/e2e.yml
diff --git a/applications/openshift/general/multiple_nodes_in_every_role/tests/single_worker.fail.sh b/applications/openshift/high-availability/multiple_nodes_in_every_role/tests/single_worker.fail.sh
similarity index 99%
rename from applications/openshift/general/multiple_nodes_in_every_role/tests/single_worker.fail.sh
rename to applications/openshift/high-availability/multiple_nodes_in_every_role/tests/single_worker.fail.sh
index 0a0b2ba7e38..3ec11577fd0 100644
--- a/applications/openshift/general/multiple_nodes_in_every_role/tests/single_worker.fail.sh
+++ b/applications/openshift/high-availability/multiple_nodes_in_every_role/tests/single_worker.fail.sh
@@ -1,7 +1,6 @@
#!/bin/bash
# remediation = none
-
-yum install -y jq
+# packages = jq
kube_apipath="/kubernetes-api-resources"
mkdir -p "$kube_apipath/apis/machineconfiguration.openshift.io/v1"
diff --git a/applications/openshift/master/three_control_plane_nodes/rule.yml b/applications/openshift/high-availability/three_control_plane_nodes/rule.yml
similarity index 100%
rename from applications/openshift/master/three_control_plane_nodes/rule.yml
rename to applications/openshift/high-availability/three_control_plane_nodes/rule.yml
diff --git a/applications/openshift/master/three_control_plane_nodes/tests/ocp4/e2e.yml b/applications/openshift/high-availability/three_control_plane_nodes/tests/ocp4/e2e.yml
similarity index 100%
rename from applications/openshift/master/three_control_plane_nodes/tests/ocp4/e2e.yml
rename to applications/openshift/high-availability/three_control_plane_nodes/tests/ocp4/e2e.yml
diff --git a/applications/openshift/master/three_control_plane_nodes/tests/three_masters.pass.sh b/applications/openshift/high-availability/three_control_plane_nodes/tests/three_masters.pass.sh
similarity index 100%
rename from applications/openshift/master/three_control_plane_nodes/tests/three_masters.pass.sh
rename to applications/openshift/high-availability/three_control_plane_nodes/tests/three_masters.pass.sh
diff --git a/applications/openshift/master/three_control_plane_nodes/tests/two_masters.fail.sh b/applications/openshift/high-availability/three_control_plane_nodes/tests/two_masters.fail.sh
similarity index 100%
rename from applications/openshift/master/three_control_plane_nodes/tests/two_masters.fail.sh
rename to applications/openshift/high-availability/three_control_plane_nodes/tests/two_masters.fail.sh
diff --git a/applications/openshift/high-availability/worker_nodes_in_two_zones_or_more/rule.yml b/applications/openshift/high-availability/worker_nodes_in_two_zones_or_more/rule.yml
new file mode 100644
index 00000000000..373585afc6e
--- /dev/null
+++ b/applications/openshift/high-availability/worker_nodes_in_two_zones_or_more/rule.yml
@@ -0,0 +1,52 @@
+documentation_complete: true
+
+title: 'Ensure worker nodes are distribute across three failure zones'
+
+description: |-
+ Distributing Kubernetes worker nodes across failure zones enhances security by mitigating
+ the risk of a single point of failure and reducing the impact of application workload
+ inavailability or attacks targeting a specific zone.
+
+rationale: |-
+ Distributing Kubernetes worker nodes across failure zones is crucial for enhancing overall
+ system resilience and security. By spreading applications across different zones, the system
+ becomes more fault-tolerant, reducing the risk of widespread outages due to failures or
+ attacks in a single zone.
+ For application workloads nodes, two failure zones are often deemed sufficient due to the nature
+ of typical applications, which typically don't rely on quorum-based applications like etcd.
+ Failure zones are marked on nodes using a well-known label called "topology.kubernetes.io/zone".
+ This label is automatically assigned to each node by cloud providers but might need to be managed
+ manually in other environments
+
+identifiers: {}
+
+references:
+ bsi: APP.4.4.A19
+
+severity: medium
+
+ocil_clause: 'Kubernetes worker nodes not distributed across three failure zones'
+
+ocil: |-
+ Run the following command to determine the failure zones of the worker nodes, indicated by
+ the label .
+ $ oc get nodes --selector "node-role.kubernetes.io/worker" -o custom-columns='NAME:.metadata.name,ZONE:.metadata.labels.topology\.kubernetes\.io/zone'
+ Make sure that three distinct zones are listed.
+
+{{% set jqfilter = '.items | map(select(.metadata.labels["node-role.kubernetes.io/worker"] == "") | .metadata.labels["topology.kubernetes.io/zone"]) | unique | length' %}}
+
+warnings:
+- general: |-
+ {{{ openshift_filtered_cluster_setting({'/api/v1/nodes': jqfilter}) | indent(4) }}}
+
+template:
+ name: yamlfile_value
+ vars:
+ ocp_data: "true"
+ filepath: |-
+ {{{ openshift_filtered_path('/api/v1/nodes', jqfilter) }}}
+ yamlpath: "$"
+ values:
+ - value: 2
+ type: int
+ operation: "greater than or equal"
diff --git a/applications/openshift/high-availability/worker_nodes_in_two_zones_or_more/tests/four_zones.pass.sh b/applications/openshift/high-availability/worker_nodes_in_two_zones_or_more/tests/four_zones.pass.sh
new file mode 100644
index 00000000000..78a0dd8c2e6
--- /dev/null
+++ b/applications/openshift/high-availability/worker_nodes_in_two_zones_or_more/tests/four_zones.pass.sh
@@ -0,0 +1,650 @@
+#!/bin/bash
+# remediation = none
+# packages = jq
+
+kube_apipath="/kubernetes-api-resources"
+mkdir -p "$kube_apipath/api/v1"
+nodes_apipath="/api/v1/nodes"
+
+cat < "$kube_apipath$nodes_apipath"
+{
+ "apiVersion": "v1",
+ "items": [
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.6\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-control1.domain.local\",\"ip-addresses\":[\"172.10.57.6/24\"],\"ip-address\":\"172.10.57.6/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chasskubernetes.io/hostnameis-id": "aa52d871-d0a8-46ee-a9be-913fd34f7692",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.8/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.5.9\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.6/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.0.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/ssh": "accessed",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:23:02Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-control1.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/master": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1b"
+ },
+ "name": "ocp-control1.domain.local",
+ "resourceVersion": "1192119588",
+ "uid": "c0aa2f3d-71ed-428d-9d11-4824f0e914da"
+ },
+ "spec": {
+ "podCIDR": "10.128.0.0/24",
+ "podCIDRs": [
+ "10.128.0.0/24"
+ ],
+ "taints": [
+ {
+ "effect": "NoSchedule",
+ "key": "node-role.kubernetes.io/master"
+ }
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.6",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-control1.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "3500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "15252768Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "4",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "16403744Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.7\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-control2.domain.local\",\"ip-addresses\":[\"172.10.57.7/24\"],\"ip-address\":\"172.10.57.7/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "3d8ab0a6-17aa-4425-a989-e5f681672a6f",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.2/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.13.130\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.7/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.2.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/ssh": "accessed",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:24:11Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-control2.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/master": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1a"
+ },
+ "name": "ocp-control2.domain.local",
+ "resourceVersion": "1192119593",
+ "uid": "33735f94-a745-4d7d-8707-73df67cbc8e1"
+ },
+ "spec": {
+ "podCIDR": "10.128.1.0/24",
+ "podCIDRs": [
+ "10.128.1.0/24"
+ ],
+ "taints": [
+ {
+ "effect": "NoSchedule",
+ "key": "node-role.kubernetes.io/master"
+ }
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.7",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-control2.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "3500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-1Gi": "0",
+ "hugepages-2Mi": "0",
+ "memory": "15252816Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "4",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-1Gi": "0",
+ "hugepages-2Mi": "0",
+ "memory": "16403792Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.8\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-control3.domain.local\",\"ip-addresses\":[\"172.10.57.8/24\"],\"ip-address\":\"172.10.57.8/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "33908c13-7c84-44a8-a1ec-bcc0c7b9a363",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.3/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.9.205\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.8/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.4.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:25:24Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-control3.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/master": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1c"
+ },
+ "name": "ocp-control3.domain.local",
+ "resourceVersion": "1192117923",
+ "uid": "ffd0364a-b48d-4b53-bb69-47568e6511b5"
+ },
+ "spec": {
+ "podCIDR": "10.128.2.0/24",
+ "podCIDRs": [
+ "10.128.2.0/24"
+ ],
+ "taints": [
+ {
+ "effect": "NoSchedule",
+ "key": "node-role.kubernetes.io/master"
+ }
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.8",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-control3.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "3500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "15252768Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "4",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "16403744Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.11\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-worker1.domain.local\",\"ip-addresses\":[\"172.10.57.11/24\"],\"ip-address\":\"172.10.57.11/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "0777559e-2621-4da6-8d59-cc195de68507",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.4/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.6.62\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.11/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.10.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-worker-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-worker-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-worker-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-worker-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/ssh": "accessed",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:48:16Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-worker1.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/worker": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1a"
+ },
+ "name": "ocp-worker1.domain.local",
+ "resourceVersion": "1192122216",
+ "uid": "1667ec5a-ca3d-4994-88bd-27da3644e338"
+ },
+ "spec": {
+ "podCIDR": "10.128.5.0/24",
+ "podCIDRs": [
+ "10.128.5.0/24"
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.11",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-worker1.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "5500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "19381080Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "6",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "20532056Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.12\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-worker2.domain.local\",\"ip-addresses\":[\"172.10.57.12/24\"],\"ip-address\":\"172.10.57.12/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "88f61c26-848b-41d9-a200-e393ba709895",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.5/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.4.62\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.12/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.8.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:48:12Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "cluster.ocs.openshift.io/openshift-storage": "",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-worker2.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/worker": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1b"
+ },
+ "name": "ocp-worker2.domain.local",
+ "resourceVersion": "1192122353",
+ "uid": "bd56f83c-e625-4365-a838-47fa496b7d93"
+ },
+ "spec": {
+ "podCIDR": "10.128.4.0/24",
+ "podCIDRs": [
+ "10.128.4.0/24"
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.12",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-worker2.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "5500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "19381080Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "6",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "20532056Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.13\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-worker3.domain.local\",\"ip-addresses\":[\"172.10.57.13/24\"],\"ip-address\":\"172.10.57.13/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "5a10fb7b-89d4-4510-8389-0578093eddb1",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.6/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.8.180\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.13/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.6.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:47:56Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "cluster.ocs.openshift.io/openshift-storage": "",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-worker3.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/worker": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1c"
+ },
+ "name": "ocp-worker3.domain.local",
+ "resourceVersion": "1192119492",
+ "uid": "65395ca7-8181-4a0b-95cf-128922f105f5"
+ },
+ "spec": {
+ "podCIDR": "10.128.3.0/24",
+ "podCIDRs": [
+ "10.128.3.0/24"
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.13",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-worker3.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "5500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "19381096Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "6",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "20532072Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.15\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-worker4.domain.local\",\"ip-addresses\":[\"172.10.57.15/24\"],\"ip-address\":\"172.10.57.15/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "6877fce2-e6aa-43ae-817d-ed85e451a463",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.7/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.5.179\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.15/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.12.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-14T07:25:59Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "cluster.ocs.openshift.io/openshift-storage": "",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-worker4.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/worker": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1d"
+ },
+ "name": "ocp-worker4.domain.local",
+ "resourceVersion": "1192119420",
+ "uid": "6e993021-17e9-4945-9c46-65e60c90c65a"
+ },
+ "spec": {},
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.15",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-worker4.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "5500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "19381080Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "6",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "20532056Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ }
+ ],
+ "kind": "List",
+ "metadata": {
+ "resourceVersion": ""
+ }
+}
+EOF
+
+jq_filter='.items | map(select(.metadata.labels["node-role.kubernetes.io/worker"] == "") | .metadata.labels["topology.kubernetes.io/zone"]) | unique | length'
+
+# Get file path. This will actually be read by the scan
+filteredpath="$kube_apipath$nodes_apipath#$(echo -n "$nodes_apipath$jq_filter" | sha256sum | awk '{print $1}')"
+
+# populate filtered path with jq-filtered result
+jq "$jq_filter" "$kube_apipath$nodes_apipath" > "$filteredpath"
diff --git a/applications/openshift/high-availability/worker_nodes_in_two_zones_or_more/tests/no_zone.fail.sh b/applications/openshift/high-availability/worker_nodes_in_two_zones_or_more/tests/no_zone.fail.sh
new file mode 100644
index 00000000000..01c6150153f
--- /dev/null
+++ b/applications/openshift/high-availability/worker_nodes_in_two_zones_or_more/tests/no_zone.fail.sh
@@ -0,0 +1,642 @@
+#!/bin/bash
+# remediation = none
+# packages = jq
+
+kube_apipath="/kubernetes-api-resources"
+mkdir -p "$kube_apipath/api/v1"
+nodes_apipath="/api/v1/nodes"
+
+cat < "$kube_apipath$nodes_apipath"
+{
+ "apiVersion": "v1",
+ "items": [
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.6\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-control1.domain.local\",\"ip-addresses\":[\"172.10.57.6/24\"],\"ip-address\":\"172.10.57.6/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chasskubernetes.io/hostnameis-id": "aa52d871-d0a8-46ee-a9be-913fd34f7692",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.8/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.5.9\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.6/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.0.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/ssh": "accessed",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:23:02Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-control1.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/master": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1b"
+ },
+ "name": "ocp-control1.domain.local",
+ "resourceVersion": "1192119588",
+ "uid": "c0aa2f3d-71ed-428d-9d11-4824f0e914da"
+ },
+ "spec": {
+ "podCIDR": "10.128.0.0/24",
+ "podCIDRs": [
+ "10.128.0.0/24"
+ ],
+ "taints": [
+ {
+ "effect": "NoSchedule",
+ "key": "node-role.kubernetes.io/master"
+ }
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.6",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-control1.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "3500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "15252768Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "4",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "16403744Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.7\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-control2.domain.local\",\"ip-addresses\":[\"172.10.57.7/24\"],\"ip-address\":\"172.10.57.7/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "3d8ab0a6-17aa-4425-a989-e5f681672a6f",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.2/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.13.130\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.7/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.2.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/ssh": "accessed",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:24:11Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-control2.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/master": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1a"
+ },
+ "name": "ocp-control2.domain.local",
+ "resourceVersion": "1192119593",
+ "uid": "33735f94-a745-4d7d-8707-73df67cbc8e1"
+ },
+ "spec": {
+ "podCIDR": "10.128.1.0/24",
+ "podCIDRs": [
+ "10.128.1.0/24"
+ ],
+ "taints": [
+ {
+ "effect": "NoSchedule",
+ "key": "node-role.kubernetes.io/master"
+ }
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.7",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-control2.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "3500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-1Gi": "0",
+ "hugepages-2Mi": "0",
+ "memory": "15252816Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "4",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-1Gi": "0",
+ "hugepages-2Mi": "0",
+ "memory": "16403792Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.8\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-control3.domain.local\",\"ip-addresses\":[\"172.10.57.8/24\"],\"ip-address\":\"172.10.57.8/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "33908c13-7c84-44a8-a1ec-bcc0c7b9a363",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.3/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.9.205\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.8/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.4.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:25:24Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-control3.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/master": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1c"
+ },
+ "name": "ocp-control3.domain.local",
+ "resourceVersion": "1192117923",
+ "uid": "ffd0364a-b48d-4b53-bb69-47568e6511b5"
+ },
+ "spec": {
+ "podCIDR": "10.128.2.0/24",
+ "podCIDRs": [
+ "10.128.2.0/24"
+ ],
+ "taints": [
+ {
+ "effect": "NoSchedule",
+ "key": "node-role.kubernetes.io/master"
+ }
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.8",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-control3.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "3500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "15252768Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "4",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "16403744Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.11\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-worker1.domain.local\",\"ip-addresses\":[\"172.10.57.11/24\"],\"ip-address\":\"172.10.57.11/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "0777559e-2621-4da6-8d59-cc195de68507",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.4/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.6.62\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.11/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.10.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-worker-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-worker-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-worker-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-worker-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/ssh": "accessed",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:48:16Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-worker1.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/worker": "",
+ "node.openshift.io/os_id": "rhcos"
+ },
+ "name": "ocp-worker1.domain.local",
+ "resourceVersion": "1192122216",
+ "uid": "1667ec5a-ca3d-4994-88bd-27da3644e338"
+ },
+ "spec": {
+ "podCIDR": "10.128.5.0/24",
+ "podCIDRs": [
+ "10.128.5.0/24"
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.11",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-worker1.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "5500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "19381080Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "6",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "20532056Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.12\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-worker2.domain.local\",\"ip-addresses\":[\"172.10.57.12/24\"],\"ip-address\":\"172.10.57.12/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "88f61c26-848b-41d9-a200-e393ba709895",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.5/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.4.62\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.12/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.8.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:48:12Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "cluster.ocs.openshift.io/openshift-storage": "",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-worker2.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/worker": "",
+ "node.openshift.io/os_id": "rhcos"
+ },
+ "name": "ocp-worker2.domain.local",
+ "resourceVersion": "1192122353",
+ "uid": "bd56f83c-e625-4365-a838-47fa496b7d93"
+ },
+ "spec": {
+ "podCIDR": "10.128.4.0/24",
+ "podCIDRs": [
+ "10.128.4.0/24"
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.12",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-worker2.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "5500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "19381080Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "6",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "20532056Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.13\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-worker3.domain.local\",\"ip-addresses\":[\"172.10.57.13/24\"],\"ip-address\":\"172.10.57.13/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "5a10fb7b-89d4-4510-8389-0578093eddb1",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.6/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.8.180\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.13/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.6.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:47:56Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "cluster.ocs.openshift.io/openshift-storage": "",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-worker3.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/worker": "",
+ "node.openshift.io/os_id": "rhcos"
+ },
+ "name": "ocp-worker3.domain.local",
+ "resourceVersion": "1192119492",
+ "uid": "65395ca7-8181-4a0b-95cf-128922f105f5"
+ },
+ "spec": {
+ "podCIDR": "10.128.3.0/24",
+ "podCIDRs": [
+ "10.128.3.0/24"
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.13",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-worker3.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "5500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "19381096Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "6",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "20532072Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.15\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-worker4.domain.local\",\"ip-addresses\":[\"172.10.57.15/24\"],\"ip-address\":\"172.10.57.15/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "6877fce2-e6aa-43ae-817d-ed85e451a463",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.7/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.5.179\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.15/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.12.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-14T07:25:59Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "cluster.ocs.openshift.io/openshift-storage": "",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-worker4.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/worker": "",
+ "node.openshift.io/os_id": "rhcos"
+ },
+ "name": "ocp-worker4.domain.local",
+ "resourceVersion": "1192119420",
+ "uid": "6e993021-17e9-4945-9c46-65e60c90c65a"
+ },
+ "spec": {},
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.15",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-worker4.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "5500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "19381080Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "6",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "20532056Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ }
+ ],
+ "kind": "List",
+ "metadata": {
+ "resourceVersion": ""
+ }
+}
+EOF
+
+jq_filter='.items | map(select(.metadata.labels["node-role.kubernetes.io/worker"] == "") | .metadata.labels["topology.kubernetes.io/zone"]) | unique | length'
+
+# Get file path. This will actually be read by the scan
+filteredpath="$kube_apipath$nodes_apipath#$(echo -n "$nodes_apipath$jq_filter" | sha256sum | awk '{print $1}')"
+
+# populate filtered path with jq-filtered result
+jq "$jq_filter" "$kube_apipath$nodes_apipath" > "$filteredpath"
diff --git a/applications/openshift/high-availability/worker_nodes_in_two_zones_or_more/tests/ocp4/e2e.yml b/applications/openshift/high-availability/worker_nodes_in_two_zones_or_more/tests/ocp4/e2e.yml
new file mode 100644
index 00000000000..f426dc3d7ea
--- /dev/null
+++ b/applications/openshift/high-availability/worker_nodes_in_two_zones_or_more/tests/ocp4/e2e.yml
@@ -0,0 +1,2 @@
+---
+default_result: FAIL
diff --git a/applications/openshift/high-availability/worker_nodes_in_two_zones_or_more/tests/one_zone.fail.sh b/applications/openshift/high-availability/worker_nodes_in_two_zones_or_more/tests/one_zone.fail.sh
new file mode 100644
index 00000000000..4ef85a2fa95
--- /dev/null
+++ b/applications/openshift/high-availability/worker_nodes_in_two_zones_or_more/tests/one_zone.fail.sh
@@ -0,0 +1,650 @@
+#!/bin/bash
+# remediation = none
+# packages = jq
+
+kube_apipath="/kubernetes-api-resources"
+mkdir -p "$kube_apipath/api/v1"
+nodes_apipath="/api/v1/nodes"
+
+cat < "$kube_apipath$nodes_apipath"
+{
+ "apiVersion": "v1",
+ "items": [
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.6\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-control1.domain.local\",\"ip-addresses\":[\"172.10.57.6/24\"],\"ip-address\":\"172.10.57.6/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chasskubernetes.io/hostnameis-id": "aa52d871-d0a8-46ee-a9be-913fd34f7692",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.8/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.5.9\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.6/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.0.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/ssh": "accessed",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:23:02Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-control1.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/master": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1b"
+ },
+ "name": "ocp-control1.domain.local",
+ "resourceVersion": "1192119588",
+ "uid": "c0aa2f3d-71ed-428d-9d11-4824f0e914da"
+ },
+ "spec": {
+ "podCIDR": "10.128.0.0/24",
+ "podCIDRs": [
+ "10.128.0.0/24"
+ ],
+ "taints": [
+ {
+ "effect": "NoSchedule",
+ "key": "node-role.kubernetes.io/master"
+ }
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.6",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-control1.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "3500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "15252768Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "4",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "16403744Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.7\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-control2.domain.local\",\"ip-addresses\":[\"172.10.57.7/24\"],\"ip-address\":\"172.10.57.7/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "3d8ab0a6-17aa-4425-a989-e5f681672a6f",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.2/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.13.130\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.7/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.2.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/ssh": "accessed",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:24:11Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-control2.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/master": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1a"
+ },
+ "name": "ocp-control2.domain.local",
+ "resourceVersion": "1192119593",
+ "uid": "33735f94-a745-4d7d-8707-73df67cbc8e1"
+ },
+ "spec": {
+ "podCIDR": "10.128.1.0/24",
+ "podCIDRs": [
+ "10.128.1.0/24"
+ ],
+ "taints": [
+ {
+ "effect": "NoSchedule",
+ "key": "node-role.kubernetes.io/master"
+ }
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.7",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-control2.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "3500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-1Gi": "0",
+ "hugepages-2Mi": "0",
+ "memory": "15252816Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "4",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-1Gi": "0",
+ "hugepages-2Mi": "0",
+ "memory": "16403792Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.8\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-control3.domain.local\",\"ip-addresses\":[\"172.10.57.8/24\"],\"ip-address\":\"172.10.57.8/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "33908c13-7c84-44a8-a1ec-bcc0c7b9a363",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.3/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.9.205\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.8/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.4.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:25:24Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-control3.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/master": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1c"
+ },
+ "name": "ocp-control3.domain.local",
+ "resourceVersion": "1192117923",
+ "uid": "ffd0364a-b48d-4b53-bb69-47568e6511b5"
+ },
+ "spec": {
+ "podCIDR": "10.128.2.0/24",
+ "podCIDRs": [
+ "10.128.2.0/24"
+ ],
+ "taints": [
+ {
+ "effect": "NoSchedule",
+ "key": "node-role.kubernetes.io/master"
+ }
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.8",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-control3.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "3500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "15252768Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "4",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "16403744Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.11\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-worker1.domain.local\",\"ip-addresses\":[\"172.10.57.11/24\"],\"ip-address\":\"172.10.57.11/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "0777559e-2621-4da6-8d59-cc195de68507",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.4/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.6.62\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.11/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.10.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-worker-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-worker-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-worker-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-worker-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/ssh": "accessed",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:48:16Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-worker1.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/worker": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1a"
+ },
+ "name": "ocp-worker1.domain.local",
+ "resourceVersion": "1192122216",
+ "uid": "1667ec5a-ca3d-4994-88bd-27da3644e338"
+ },
+ "spec": {
+ "podCIDR": "10.128.5.0/24",
+ "podCIDRs": [
+ "10.128.5.0/24"
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.11",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-worker1.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "5500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "19381080Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "6",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "20532056Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.12\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-worker2.domain.local\",\"ip-addresses\":[\"172.10.57.12/24\"],\"ip-address\":\"172.10.57.12/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "88f61c26-848b-41d9-a200-e393ba709895",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.5/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.4.62\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.12/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.8.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:48:12Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "cluster.ocs.openshift.io/openshift-storage": "",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-worker2.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/worker": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1a"
+ },
+ "name": "ocp-worker2.domain.local",
+ "resourceVersion": "1192122353",
+ "uid": "bd56f83c-e625-4365-a838-47fa496b7d93"
+ },
+ "spec": {
+ "podCIDR": "10.128.4.0/24",
+ "podCIDRs": [
+ "10.128.4.0/24"
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.12",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-worker2.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "5500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "19381080Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "6",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "20532056Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.13\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-worker3.domain.local\",\"ip-addresses\":[\"172.10.57.13/24\"],\"ip-address\":\"172.10.57.13/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "5a10fb7b-89d4-4510-8389-0578093eddb1",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.6/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.8.180\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.13/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.6.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:47:56Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "cluster.ocs.openshift.io/openshift-storage": "",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-worker3.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/worker": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1a"
+ },
+ "name": "ocp-worker3.domain.local",
+ "resourceVersion": "1192119492",
+ "uid": "65395ca7-8181-4a0b-95cf-128922f105f5"
+ },
+ "spec": {
+ "podCIDR": "10.128.3.0/24",
+ "podCIDRs": [
+ "10.128.3.0/24"
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.13",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-worker3.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "5500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "19381096Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "6",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "20532072Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.15\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-worker4.domain.local\",\"ip-addresses\":[\"172.10.57.15/24\"],\"ip-address\":\"172.10.57.15/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "6877fce2-e6aa-43ae-817d-ed85e451a463",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.7/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.5.179\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.15/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.12.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-14T07:25:59Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "cluster.ocs.openshift.io/openshift-storage": "",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-worker4.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/worker": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1a"
+ },
+ "name": "ocp-worker4.domain.local",
+ "resourceVersion": "1192119420",
+ "uid": "6e993021-17e9-4945-9c46-65e60c90c65a"
+ },
+ "spec": {},
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.15",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-worker4.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "5500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "19381080Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "6",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "20532056Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ }
+ ],
+ "kind": "List",
+ "metadata": {
+ "resourceVersion": ""
+ }
+}
+EOF
+
+jq_filter='.items | map(select(.metadata.labels["node-role.kubernetes.io/worker"] == "") | .metadata.labels["topology.kubernetes.io/zone"]) | unique | length'
+
+# Get file path. This will actually be read by the scan
+filteredpath="$kube_apipath$nodes_apipath#$(echo -n "$nodes_apipath$jq_filter" | sha256sum | awk '{print $1}')"
+
+# populate filtered path with jq-filtered result
+jq "$jq_filter" "$kube_apipath$nodes_apipath" > "$filteredpath"
diff --git a/applications/openshift/high-availability/worker_nodes_in_two_zones_or_more/tests/three_zones.pass.sh b/applications/openshift/high-availability/worker_nodes_in_two_zones_or_more/tests/three_zones.pass.sh
new file mode 100644
index 00000000000..d682b19627e
--- /dev/null
+++ b/applications/openshift/high-availability/worker_nodes_in_two_zones_or_more/tests/three_zones.pass.sh
@@ -0,0 +1,650 @@
+#!/bin/bash
+# remediation = none
+# packages = jq
+
+kube_apipath="/kubernetes-api-resources"
+mkdir -p "$kube_apipath/api/v1"
+nodes_apipath="/api/v1/nodes"
+
+cat < "$kube_apipath$nodes_apipath"
+{
+ "apiVersion": "v1",
+ "items": [
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.6\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-control1.domain.local\",\"ip-addresses\":[\"172.10.57.6/24\"],\"ip-address\":\"172.10.57.6/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chasskubernetes.io/hostnameis-id": "aa52d871-d0a8-46ee-a9be-913fd34f7692",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.8/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.5.9\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.6/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.0.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/ssh": "accessed",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:23:02Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-control1.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/master": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1b"
+ },
+ "name": "ocp-control1.domain.local",
+ "resourceVersion": "1192119588",
+ "uid": "c0aa2f3d-71ed-428d-9d11-4824f0e914da"
+ },
+ "spec": {
+ "podCIDR": "10.128.0.0/24",
+ "podCIDRs": [
+ "10.128.0.0/24"
+ ],
+ "taints": [
+ {
+ "effect": "NoSchedule",
+ "key": "node-role.kubernetes.io/master"
+ }
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.6",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-control1.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "3500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "15252768Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "4",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "16403744Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.7\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-control2.domain.local\",\"ip-addresses\":[\"172.10.57.7/24\"],\"ip-address\":\"172.10.57.7/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "3d8ab0a6-17aa-4425-a989-e5f681672a6f",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.2/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.13.130\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.7/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.2.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/ssh": "accessed",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:24:11Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-control2.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/master": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1a"
+ },
+ "name": "ocp-control2.domain.local",
+ "resourceVersion": "1192119593",
+ "uid": "33735f94-a745-4d7d-8707-73df67cbc8e1"
+ },
+ "spec": {
+ "podCIDR": "10.128.1.0/24",
+ "podCIDRs": [
+ "10.128.1.0/24"
+ ],
+ "taints": [
+ {
+ "effect": "NoSchedule",
+ "key": "node-role.kubernetes.io/master"
+ }
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.7",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-control2.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "3500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-1Gi": "0",
+ "hugepages-2Mi": "0",
+ "memory": "15252816Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "4",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-1Gi": "0",
+ "hugepages-2Mi": "0",
+ "memory": "16403792Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.8\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-control3.domain.local\",\"ip-addresses\":[\"172.10.57.8/24\"],\"ip-address\":\"172.10.57.8/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "33908c13-7c84-44a8-a1ec-bcc0c7b9a363",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.3/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.9.205\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.8/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.4.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-master-d0a23f1409780adbe3913473e3e42154",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:25:24Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-control3.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/master": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1c"
+ },
+ "name": "ocp-control3.domain.local",
+ "resourceVersion": "1192117923",
+ "uid": "ffd0364a-b48d-4b53-bb69-47568e6511b5"
+ },
+ "spec": {
+ "podCIDR": "10.128.2.0/24",
+ "podCIDRs": [
+ "10.128.2.0/24"
+ ],
+ "taints": [
+ {
+ "effect": "NoSchedule",
+ "key": "node-role.kubernetes.io/master"
+ }
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.8",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-control3.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "3500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "15252768Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "4",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "16403744Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.11\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-worker1.domain.local\",\"ip-addresses\":[\"172.10.57.11/24\"],\"ip-address\":\"172.10.57.11/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "0777559e-2621-4da6-8d59-cc195de68507",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.4/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.6.62\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.11/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.10.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-worker-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-worker-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-worker-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-worker-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/ssh": "accessed",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:48:16Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-worker1.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/worker": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1a"
+ },
+ "name": "ocp-worker1.domain.local",
+ "resourceVersion": "1192122216",
+ "uid": "1667ec5a-ca3d-4994-88bd-27da3644e338"
+ },
+ "spec": {
+ "podCIDR": "10.128.5.0/24",
+ "podCIDRs": [
+ "10.128.5.0/24"
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.11",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-worker1.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "5500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "19381080Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "6",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "20532056Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.12\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-worker2.domain.local\",\"ip-addresses\":[\"172.10.57.12/24\"],\"ip-address\":\"172.10.57.12/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "88f61c26-848b-41d9-a200-e393ba709895",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.5/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.4.62\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.12/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.8.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:48:12Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "cluster.ocs.openshift.io/openshift-storage": "",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-worker2.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/worker": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1b"
+ },
+ "name": "ocp-worker2.domain.local",
+ "resourceVersion": "1192122353",
+ "uid": "bd56f83c-e625-4365-a838-47fa496b7d93"
+ },
+ "spec": {
+ "podCIDR": "10.128.4.0/24",
+ "podCIDRs": [
+ "10.128.4.0/24"
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.12",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-worker2.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "5500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "19381080Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "6",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "20532056Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.13\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-worker3.domain.local\",\"ip-addresses\":[\"172.10.57.13/24\"],\"ip-address\":\"172.10.57.13/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "5a10fb7b-89d4-4510-8389-0578093eddb1",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.6/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.8.180\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.13/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.6.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-04T14:47:56Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "cluster.ocs.openshift.io/openshift-storage": "",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-worker3.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/worker": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1c"
+ },
+ "name": "ocp-worker3.domain.local",
+ "resourceVersion": "1192119492",
+ "uid": "65395ca7-8181-4a0b-95cf-128922f105f5"
+ },
+ "spec": {
+ "podCIDR": "10.128.3.0/24",
+ "podCIDRs": [
+ "10.128.3.0/24"
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.13",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-worker3.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "5500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "19381096Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "6",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "20532072Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "k8s.ovn.org/host-addresses": "[\"172.10.57.15\"]",
+ "k8s.ovn.org/l3-gateway-config": "{\"default\":{\"mode\":\"shared\",\"interface-id\":\"br-ex_ocp-worker4.domain.local\",\"ip-addresses\":[\"172.10.57.15/24\"],\"ip-address\":\"172.10.57.15/24\",\"next-hops\":[\"172.10.57.1\"],\"next-hop\":\"172.10.57.1\",\"node-port-enable\":\"true\",\"vlan-id\":\"0\"}}",
+ "k8s.ovn.org/node-chassis-id": "6877fce2-e6aa-43ae-817d-ed85e451a463",
+ "k8s.ovn.org/node-gateway-router-lrp-ifaddr": "{\"ipv4\":\"100.64.0.7/16\"}",
+ "k8s.ovn.org/node-local-nat-ip": "{\"default\":[\"169.254.5.179\"]}",
+ "k8s.ovn.org/node-primary-ifaddr": "{\"ipv4\":\"172.10.57.15/24\"}",
+ "k8s.ovn.org/node-subnets": "{\"default\":\"10.128.12.0/23\"}",
+ "machineconfiguration.openshift.io/controlPlaneTopology": "HighlyAvailable",
+ "machineconfiguration.openshift.io/currentConfig": "rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredConfig": "rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/desiredDrain": "uncordon-rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/lastAppliedDrain": "uncordon-rendered-infra-2bc1dcecc35503442d9102830613c52b",
+ "machineconfiguration.openshift.io/reason": "",
+ "machineconfiguration.openshift.io/state": "Done",
+ "volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2023-01-14T07:25:59Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "cluster.ocs.openshift.io/openshift-storage": "",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "ocp-worker4.domain.local",
+ "kubernetes.io/os": "linux",
+ "node-role.kubernetes.io/worker": "",
+ "node.openshift.io/os_id": "rhcos",
+ "topology.kubernetes.io/region": "eu-central-1",
+ "topology.kubernetes.io/zone": "eu-central-1a"
+ },
+ "name": "ocp-worker4.domain.local",
+ "resourceVersion": "1192119420",
+ "uid": "6e993021-17e9-4945-9c46-65e60c90c65a"
+ },
+ "spec": {},
+ "status": {
+ "addresses": [
+ {
+ "address": "172.10.57.15",
+ "type": "InternalIP"
+ },
+ {
+ "address": "ocp-worker4.domain.local",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "5500m",
+ "ephemeral-storage": "114381692328",
+ "hugepages-2Mi": "0",
+ "memory": "19381080Ki",
+ "pods": "250"
+ },
+ "capacity": {
+ "cpu": "6",
+ "ephemeral-storage": "125277164Ki",
+ "hugepages-2Mi": "0",
+ "memory": "20532056Ki",
+ "pods": "250"
+ },
+ "conditions": [],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "containerRuntimeVersion": "cri-o://1.25.4-4.1.rhaos4.12.gitb9319a2.el8",
+ "kernelVersion": "4.18.0-372.76.1.el8_6.x86_64",
+ "kubeProxyVersion": "v1.25.14+20cda61",
+ "kubeletVersion": "v1.25.14+20cda61",
+ "operatingSystem": "linux",
+ "osImage": "Red Hat Enterprise Linux CoreOS 412.86.202310170023-0 (Ootpa)"
+ }
+ }
+ }
+ ],
+ "kind": "List",
+ "metadata": {
+ "resourceVersion": ""
+ }
+}
+EOF
+
+jq_filter='.items | map(select(.metadata.labels["node-role.kubernetes.io/worker"] == "") | .metadata.labels["topology.kubernetes.io/zone"]) | unique | length'
+
+# Get file path. This will actually be read by the scan
+filteredpath="$kube_apipath$nodes_apipath#$(echo -n "$nodes_apipath$jq_filter" | sha256sum | awk '{print $1}')"
+
+# populate filtered path with jq-filtered result
+jq "$jq_filter" "$kube_apipath$nodes_apipath" > "$filteredpath"
diff --git a/applications/openshift/worker/file_owner_worker_ca/rule.yml b/applications/openshift/worker/file_owner_worker_ca/rule.yml
index 0d1902c929b..f4eef80c9c1 100644
--- a/applications/openshift/worker/file_owner_worker_ca/rule.yml
+++ b/applications/openshift/worker/file_owner_worker_ca/rule.yml
@@ -18,7 +18,6 @@ identifiers:
cce@ocp4: CCE-83495-2
references:
- bsi: APP.4.4.A17
bsi: APP.4.4.A17
cis@ocp4: 4.1.8
nerc-cip: CIP-003-8 R6,CIP-004-6 R3,CIP-007-3 R6.1
diff --git a/controls/bsi_app_4_4.yml b/controls/bsi_app_4_4.yml
index 33373879f19..16dfabe82e1 100644
--- a/controls/bsi_app_4_4.yml
+++ b/controls/bsi_app_4_4.yml
@@ -423,13 +423,14 @@ controls:
control is mostly inheretly met when using CoreOS for all nodes.
Section 1: OpenShift uses an internal Certificate Authority (CA). The nodes (kubelet to API server
- and MachineConfig daemon to MachineConfi server) are communicating using node-specific certificates,
+ and MachineConfig daemon to MachineConfig server) are communicating using node-specific certificates,
signed by this CA. Correct permissions of relevant files and secure TLS configuration are verified
- using the referenced rules.
+ using the referenced rules. A TPM-verified status is not present with currently built-in mechanisms
+ of OpenShift.
Section 2: Using the Red Hat File Integrity Operator, all files on the RHCOS nodes can be
cryptographically checked for integrity using Advanced Intrusion Detection Environment (AIDE).
- status: automated
+ status: partial
rules:
# Section 1 (worker / kubelet)
- file_groupowner_kubelet_conf
@@ -526,13 +527,34 @@ controls:
several fire zones based on the location data of the corresponding nodes so that the failure of a
fire zone will not lead to the failure of an application.
notes: >-
- TBD
+ Section 1: OpenShift support topology labels to differentiate between failure zones. To achieve
+ continued operation without interruption, nodes of every role need to be spread across zones.
+ For quorum-based applications, such as the Kubernetes control plane, three zones are required.
+ A sufficient number of control plane nodes and sufficient spreading across zones is checked using
+ rules. If a restart-based approach is chosen, the adequacy needs to be ensured organizationally.
+
+ Section 2: The availability of all required resources for operation after restart in a different
+ site needs to be ensured organizationally. Regular tests are essential. The availability of
+ persistent data used by pods requires the storage inside of PVs/PVCs and a storage provider,
+ that is also available at the alternative site.
+
+ Section 3: The OpenShift control plane is evenly distributed across the control plane nodes
+ out-of-the box. If the control plane nodes are distributed across failure zones, the control
+ plane is hence prone to node or zone outage. For infrastructure and application workloads, a
+ distribution across nodes and zones needs to be configured during deployment using affinity /
+ anti-affinity rules or topology spread constraints.
+
+ Single Node OpenShift (SNO) is not highly available and therefore incompliant to this control.
status: pending
rules:
+ # Section 1, 3
+ - multiple_nodes_in_every_role
+ - control_plane_nodes_in_three_zones
+ - worker_nodes_in_two_zones_or_more
+ - infra_nodes_in_two_zones_or_more
# Section 3
- three_control_plane_nodes
- - multiple_nodes_in_every_role
- # TODO: Check Zones of Nodes
+ # - affinity_or_topology_spread_constraints_in_pod
- id: APP.4.4.A20
title: Encrypted Data Storage for Pods