Uploaded image for project: 'OpenShift Virtualization'
  1. OpenShift Virtualization
  2. CNV-22506

[2142891] VM latency checkup: Failed to create the checkup's Job

XMLWordPrintable

    • CNV-net-QE-229
    • High

      Description of problem:
      When creating the checkup's Job, the following error occurs (could be seen on the Pod's description):

      ```
      Warning FailedCreate 20s (x5 over 2m30s) job-controller Error creating: pods "kubevirt-vm-latency-checkup-" is forbidden: unable to validate against any security context constraint: [provider "anyuid": Forbidden: not usable by user or serviceaccount, provider "containerized-data-importer": Forbidden: not usable by user or serviceaccount, spec.containers[0].securityContext.runAsUser: Invalid value: 1000: must be in the ranges: [1000930000, 1000939999], provider "net-admin": Forbidden: not usable by user or serviceaccount, provider "restricted": Forbidden: not usable by user or serviceaccount, provider "nonroot-v2": Forbidden: not usable by user or serviceaccount, provider "nonroot": Forbidden: not usable by user or serviceaccount, provider "noobaa": Forbidden: not usable by user or serviceaccount, provider "noobaa-endpoint": Forbidden: not usable by user or serviceaccount, provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount, provider "kubevirt-controller": Forbidden: not usable by user or serviceaccount, provider "bridge-marker": Forbidden: not usable by user or serviceaccount, provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount, provider "hostnetwork-v2": Forbidden: not usable by user or serviceaccount, provider "hostnetwork": Forbidden: not usable by user or serviceaccount, provider "hostaccess": Forbidden: not usable by user or serviceaccount, provider "ocs-metrics-exporter": Forbidden: not usable by user or serviceaccount, provider "linux-bridge": Forbidden: not usable by user or serviceaccount, provider "kubevirt-handler": Forbidden: not usable by user or serviceaccount, provider "rook-ceph": Forbidden: not usable by user or serviceaccount, provider "node-exporter": Forbidden: not usable by user or serviceaccount, provider "trident": Forbidden: not usable by user or serviceaccount, provider "rook-ceph-csi": Forbidden: not usable by user or serviceaccount, provider "privileged": Forbidden: not usable by user or serviceaccount]
      ```

      Version-Release number of selected component (if applicable):
      4.12.0

      How reproducible:

      Steps to Reproduce:
      1. Create a NetworkAttachmentDefinition
      2. Configure the user-supplied ConfigMap
      3. Create the checkup's Job:
      ```

      apiVersion: batch/v1
      kind: Job
      metadata:
      name: kubevirt-vm-latency-checkup
      spec:
      backoffLimit: 0
      template:
      spec:
      serviceAccountName: vm-latency-checkup-sa
      restartPolicy: Never
      containers:

      • name: vm-latency-checkup
        image: registry-proxy.engineering.redhat.com/rh-osbs/container-native-virtualization-vm-network-latency-checkup:v4.12.0
        securityContext:
        runAsUser: 1000
        allowPrivilegeEscalation: false
        capabilities:
        drop: ["ALL"]
        runAsNonRoot: true
        seccompProfile:
        type: "RuntimeDefault"
        env:
      • name: CONFIGMAP_NAMESPACE
        value: <target-namespace>
      • name: CONFIGMAP_NAME
        value: kubevirt-vm-latency-checkup-config
        ```

      4. Describe the created Pod.

      Actual results:
      The checkup Job underlying pod doesn't start.

      Expected results:
      The checkup Job underlying pod should start.

      Additional info:
      Doing all actions as a project-admin.

            omisan@redhat.com Orel Misan
            omisan@redhat.com Orel Misan
            Anat Wax Anat Wax
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: