With invalid range value for runAsGroup parameter(65536) improve error validation check message 

4.21.0-0.nightly-2025-11-03-191704

Always

1. Install AWS/GCP/Azure cluster
2. Create newproject and do deployment as mentioned below.
3. Check the status of deployment

//deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deployment-invalid-group-test-65536
  namespace: testropatil
  annotations:
    openshift.io/required-scc: restricted-v3
spec:
  replicas: 1
  selector:
    matchLabels:
      app: testing
  template:
    metadata:
      labels:
        app: testing
      annotations:
        openshift.io/required-scc: restricted-v3
    spec:
      hostUsers: false
      securityContext:
        runAsUser: 1000
        runAsGroup: 65536 # This allows till 65535 for user namespaces
        fsGroup: 1000
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      containers:
      - name: testing
        image: registry.access.redhat.com/ubi9/ubi-minimal  # image: registry.redhat.io/ubi9/ubi
        command: ["/bin/sleep"]
        args: ["3600"]
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop: ["ALL"]

Error: container create failed: setgroups: Invalid argument    

We have only given invalid range value i.e 65536, 
Any possibilty to update error message like: Invalid value: 65536: must be in the ranges: [1000, xxxxx] instead of Invalid argument which is user confusing message

oc get deploy -n testropatil
NAME                                  READY   UP-TO-DATE   AVAILABLE   AGE
deployment-invalid-group-test-65536   0/1     1            0           76m

oc describe deploy/deployment-invalid-group-test-65536 -n testropatilName:                   deployment-invalid-group-test-65536
Namespace:              testropatil
CreationTimestamp:      Wed, 05 Nov 2025 12:41:55 +0530
Labels:                 <none>
Annotations:            deployment.kubernetes.io/revision: 1
                        openshift.io/required-scc: restricted-v3
Selector:               app=testing
Replicas:               1 desired | 1 updated | 1 total | 0 available | 1 unavailable
StrategyType:           RollingUpdate
MinReadySeconds:        0
RollingUpdateStrategy:  25% max unavailable, 25% max surge
Pod Template:
  Labels:       app=testing
  Annotations:  openshift.io/required-scc: restricted-v3
  Containers:
   testing:
    Image:      registry.access.redhat.com/ubi9/ubi-minimal
    Port:       <none>
    Host Port:  <none>
    Command:
      /bin/sleep
    Args:
      3600
    Environment:   <none>
    Mounts:        <none>
  Volumes:         <none>
  Node-Selectors:  <none>
  Tolerations:     <none>
Conditions:
  Type           Status  Reason
  ----           ------  ------
  Available      False   MinimumReplicasUnavailable
  Progressing    False   ProgressDeadlineExceeded
OldReplicaSets:  <none>
NewReplicaSet:   deployment-invalid-group-test-65536-fdbc78fcf (1/1 replicas created)
Events:
  Type    Reason             Age   From                   Message
  ----    ------             ----  ----                   -------
  Normal  ScalingReplicaSet  13m   deployment-controller  Scaled up replica set deployment-invalid-group-test-65536-fdbc78fcf from 0 to 1

oc get deploy/deployment-invalid-group-test-65536 -n testropatil -o yaml
      securityContext:
        fsGroup: 1000
        runAsGroup: 65536
        runAsNonRoot: true
        runAsUser: 1000
        seccompProfile:
          type: RuntimeDefault
      terminationGracePeriodSeconds: 30
status:
  conditions:
  - lastTransitionTime: "2025-11-05T07:11:55Z"
    lastUpdateTime: "2025-11-05T07:11:55Z"
    message: Deployment does not have minimum availability.
    reason: MinimumReplicasUnavailable
    status: "False"
    type: Available
  - lastTransitionTime: "2025-11-05T07:21:56Z"
    lastUpdateTime: "2025-11-05T07:21:56Z"
    message: ReplicaSet "deployment-invalid-group-test-65536-fdbc78fcf" has timed
      out progressing.
    reason: ProgressDeadlineExceeded
    status: "False"
    type: Progressing
  observedGeneration: 1
  replicas: 1
  unavailableReplicas: 1
  updatedReplicas: 1

oc describe pod/deployment-invalid-group-test-65536-fdbc78fcf-qgfqc -n testropatil
  Normal   Pulled          25m                   kubelet            Successfully pulled image "registry.access.redhat.com/ubi9/ubi-minimal" in 1.123s (1.123s including waiting). Image size: 106110407 bytes.
  Normal   Pulled          24m (x3 over 25m)     kubelet            (combined from similar events): Successfully pulled image "registry.access.redhat.com/ubi9/ubi-minimal" in 4.605s (4.605s including waiting). Image size: 106110407 bytes.
  Warning  Failed          2m1s (x108 over 27m)  kubelet            Error: container create failed: setgroups: Invalid argument
  Normal   Pulling         2m1s (x108 over 27m)  kubelet            Pulling image "registry.access.redhat.com/ubi9/ubi-minimal"

oc get events -n testropatil --sort-by=.lastTimestamp | tac | grep "65536"
4m42s       Warning   Failed              pod/deployment-invalid-group-test-65536-fdbc78fcf-qgfqc     Error: container create failed: setgroups: Invalid argument
4m58s       Normal    Pulling             pod/deployment-invalid-group-test-65536-fdbc78fcf-qgfqc     Pulling image "registry.access.redhat.com/ubi9/ubi-minimal"
12m         Normal    Pulled              pod/deployment-invalid-group-test-65536-fdbc78fcf-qgfqc     (combined from similar events): Successfully pulled image "registry.access.redhat.com/ubi9/ubi-minimal" in 4.605s (4.605s including waiting). Image size: 106110407 bytes.
13m         Normal    Pulled              pod/deployment-invalid-group-test-65536-fdbc78fcf-qgfqc     Successfully pulled image "registry.access.redhat.com/ubi9/ubi-minimal" in 1.123s (1.123s including waiting). Image size: 106110407 bytes.