  1. Red Hat Advanced Cluster Management
  2. ACM-11508

[Gatekeeper] Pods in terminating state due to gatekeeper policies


    • Bug
    • Resolution: Unresolved
    • Normal
    • Gatekeeper 3.14.1
    • GRC
    • GRC Sprint 2024-11

      Description of problem:

      During node drains, pods created from an existing Running Job are left in Terminating state. The finalizers cannot be deleted for these pods until their namespace is added to the excludeNamespace of the assign "runtimeclass" and "fsgroup" resources respectively. The pods are created by the job and affected by the gatekeeper policies. Is this behavior expected?

      How reproducible:

      All the time during node drains

      Steps to Reproduce:

      1. Deploy OCP env 4.13 and install gatekeeper.
      2. Add policies, like assign apply-runtimeclass apply-fsgroup, for all pods.
      3. Create a job to create pods (gatekeeper policies would apply automatically).
      4. Drain one of the nodes.

      Actual results:

      Expected results:

      Additional info:

            Unassigned
            rhn-support-fshaikh Fatima Shaikh
            Derek Ho
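
The namespace exclusion the description refers to, written out as an added example that is not taken from the ticket or from the reporter's cluster: two Gatekeeper Assign mutators named as in the reproduction steps, each skipping one namespace through `spec.match.excludedNamespaces`. The namespace `batch-jobs`, the runtime class `kata` and the fsGroup value `2000` are assumptions.

```yaml
# Added example; names and values marked "assumed" are hypothetical.
apiVersion: mutations.gatekeeper.sh/v1
kind: Assign
metadata:
  name: apply-runtimeclass          # policy name from the reproduction steps
spec:
  applyTo:
    - groups: [""]
      kinds: ["Pod"]
      versions: ["v1"]
  match:
    scope: Namespaced
    kinds:
      - apiGroups: [""]
        kinds: ["Pod"]
    excludedNamespaces:
      - batch-jobs                  # assumed: namespace that holds the Job's pods
  location: "spec.runtimeClassName"
  parameters:
    assign:
      value: kata                   # assumed RuntimeClass name
---
apiVersion: mutations.gatekeeper.sh/v1
kind: Assign
metadata:
  name: apply-fsgroup               # policy name from the reproduction steps
spec:
  applyTo:
    - groups: [""]
      kinds: ["Pod"]
      versions: ["v1"]
  match:
    scope: Namespaced
    kinds:
      - apiGroups: [""]
        kinds: ["Pod"]
    excludedNamespaces:
      - batch-jobs                  # assumed: same namespace as above
  location: "spec.securityContext.fsGroup"
  parameters:
    assign:
      value: 2000                   # assumed group ID
```

Pods in an excluded namespace no longer receive the runtime class or fsGroup from these mutators, so the exclusion list should name only the namespaces that need it.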