Red Hat Advanced Cluster Management / ACM-11508

[Gatekeeper] Pods in terminating state due to gatekeeper policies

    • Bug
    • Resolution: Unresolved
    • Normal
    • None
    • Gatekeeper 3.14.1
    • GRC
    • 3
    • False
    • None
    • False
    • GRC Sprint 2024-13
    • No

      Description of problem:

      During node drains, pods created from an existing Running Job are left in Terminating state. The finalizers cannot be deleted for these pods until their namespace is added in the excludeNamespace of the assign "runtimeclass" and "fsgroup" resources respectively. The pods are created by the job and affected by the gatekeeper policies. Is this behavior expected?

      How reproducible:

      All the time during node drains

      Steps to Reproduce:

      1. Deploy OCP env 4.13 and install gatekeeper.
      2. Add policies, like assign apply-runtimeclass and apply-fsgroup, for all pods.
      3. Create a job to create pods (gatekeeper policies would apply automatically).
      4. Drain one of the nodes.

      Actual results:

      Expected results:

      Additional info:

              yikim@redhat.com Yi Rae Kim
              rhn-support-fshaikh Fatima Shaikh
              Derek Ho
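
A triage helper for the symptom reported above, as an added example that is not part of the original issue or of the Gatekeeper or ACM code: it reads `kubectl get pods -A -o json` output and lists Job-owned pods that have a deletionTimestamp but still carry finalizers, grouped by namespace. The sample pod list, its names, timestamps and the finalizer value are constructed for illustration.

```python
import json

# Constructed sample in the shape of `kubectl get pods -A -o json` output
# (names, namespaces, nodes and timestamps are made up for this example).
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "report-job-abc12", "namespace": "batch-jobs",
                  "deletionTimestamp": "2024-01-01T10:00:00Z",
                  "finalizers": ["batch.kubernetes.io/job-tracking"],
                  "ownerReferences": [{"kind": "Job", "name": "report-job"}]},
     "spec": {"nodeName": "worker-1"}},
    {"metadata": {"name": "report-job-def34", "namespace": "batch-jobs",
                  "finalizers": ["batch.kubernetes.io/job-tracking"],
                  "ownerReferences": [{"kind": "Job", "name": "report-job"}]},
     "spec": {"nodeName": "worker-2"}},
    {"metadata": {"name": "web-7d9f", "namespace": "frontend",
                  "deletionTimestamp": "2024-01-01T10:00:05Z",
                  "ownerReferences": [{"kind": "ReplicaSet", "name": "web"}]},
     "spec": {"nodeName": "worker-1"}},
]})


def stuck_job_pods(pod_list_json):
    """Return Job-owned pods marked for deletion that still hold finalizers."""
    stuck = []
    for pod in json.loads(pod_list_json).get("items", []):
        meta = pod.get("metadata", {})
        finalizers = meta.get("finalizers") or []
        owners = meta.get("ownerReferences") or []
        owned_by_job = any(o.get("kind") == "Job" for o in owners)
        # deletionTimestamp set + finalizers present: the pod shows as
        # Terminating and is not removed until the finalizers are cleared.
        if meta.get("deletionTimestamp") and finalizers and owned_by_job:
            stuck.append({
                "namespace": meta.get("namespace"),
                "pod": meta.get("name"),
                "node": pod.get("spec", {}).get("nodeName"),
                "finalizers": finalizers,
            })
    return stuck


def affected_namespaces(pod_list_json):
    """Sorted namespaces that contain at least one stuck Job pod."""
    return sorted({p["namespace"] for p in stuck_job_pods(pod_list_json)})


if __name__ == "__main__":
    for p in stuck_job_pods(SAMPLE):
        print(f'{p["namespace"]}/{p["pod"]} on {p["node"]}: {", ".join(p["finalizers"])}')
    print("namespaces:", affected_namespaces(SAMPLE))
```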