Bug
Resolution: Done-Errata
Major
Quality / Stability / Reliability
CNV v4.17.0.rhel9-580
Description of problem:
Multiple AAQ upstream tests fail on d/s env due to PSA:
15:57:49 [FAILED] Unexpected error:
15:57:49 <*errors.StatusError | 0xc001e9f7c0>:
15:57:49 pods "test-pod" is forbidden: violates PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "pause" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "pause" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "pause" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "pause" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
15:57:49 {
15:57:49 ErrStatus: {
15:57:49 TypeMeta: {Kind: "", APIVersion: ""},
15:57:49 ListMeta: {
15:57:49 SelfLink: "",
15:57:49 ResourceVersion: "",
15:57:49 Continue: "",
15:57:49 RemainingItemCount: nil,
15:57:49 },
15:57:49 Status: "Failure",
15:57:49 Message: "pods \"test-pod\" is forbidden: violates PodSecurity \"restricted:latest\": allowPrivilegeEscalation != false (container \"pause\" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container \"pause\" must set securityContext.capabilities.drop=[\"ALL\"]), runAsNonRoot != true (pod or container \"pause\" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container \"pause\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")",
15:57:49 Reason: "Forbidden",
15:57:49 Details: {Name: "test-pod", Group: "", Kind: "pods", UID: "", Causes: nil, RetryAfterSeconds: 0},
15:57:49 Code: 403,
15:57:49 },
15:57:49 }
15:57:49 occurred
Version-Release number of selected component (if applicable):
all versions
How reproducible:
100%
Steps to Reproduce:
1. Run AAQ tests on d/s environment (D/S build on OpenShift cluster)
Actual results:
Multiple tests are failing due to PSA:
15:57:49 [FAILED] Unexpected error:
15:57:49 <*errors.StatusError | 0xc001e9f7c0>:
15:57:49 pods "test-pod" is forbidden: violates PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "pause" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "pause" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "pause" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "pause" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
15:57:49 {
15:57:49 ErrStatus: {
15:57:49 TypeMeta: {Kind: "", APIVersion: ""},
15:57:49 ListMeta: {
15:57:49 SelfLink: "",
15:57:49 ResourceVersion: "",
15:57:49 Continue: "",
15:57:49 RemainingItemCount: nil,
15:57:49 },
15:57:49 Status: "Failure",
15:57:49 Message: "pods \"test-pod\" is forbidden: violates PodSecurity \"restricted:latest\": allowPrivilegeEscalation != false (container \"pause\" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container \"pause\" must set securityContext.capabilities.drop=[\"ALL\"]), runAsNonRoot != true (pod or container \"pause\" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container \"pause\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")",
15:57:49 Reason: "Forbidden",
15:57:49 Details: {Name: "test-pod", Group: "", Kind: "pods", UID: "", Causes: nil, RetryAfterSeconds: 0},
15:57:49 Code: 403,
15:57:49 },
15:57:49 }
15:57:49 occurred
Expected results:
AAQ upstream tests should be adjusted to D/S environment
Additional info:
Links to: RHEA-2024:133097 (OpenShift Virtualization 4.17.0 Images)
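As an added example (not part of the ticket or of the AAQ test code), the Go sketch below re-implements the four checks named in the PSA error above and shows the container settings that clear them. `SecurityContext`, `RestrictedViolations` and `Restricted` are hypothetical names built on a simplified stand-in for the corev1 type, and only the four checks from the message are covered, not the whole `restricted` profile.

```go
package main

import "fmt"

// SecurityContext is a simplified stand-in (assumption) for the corev1 fields
// named in the PSA error; it is not the k8s.io/api type.
type SecurityContext struct {
	AllowPrivilegeEscalation, RunAsNonRoot *bool
	CapabilitiesDrop                       []string
	SeccompProfileType                     string
}

// RestrictedViolations lists which of the four checks from the error message a
// container fails; runAsNonRoot and seccompProfile fall back to the pod level.
func RestrictedViolations(name string, pod, c SecurityContext) (out []string) {
	if c.RunAsNonRoot == nil {
		c.RunAsNonRoot = pod.RunAsNonRoot
	}
	if c.SeccompProfileType == "" {
		c.SeccompProfileType = pod.SeccompProfileType
	}
	dropsAll := false
	for _, d := range c.CapabilitiesDrop {
		dropsAll = dropsAll || d == "ALL"
	}
	if c.AllowPrivilegeEscalation == nil || *c.AllowPrivilegeEscalation {
		out = append(out, name+": allowPrivilegeEscalation != false")
	}
	if !dropsAll {
		out = append(out, name+": unrestricted capabilities")
	}
	if c.RunAsNonRoot == nil || !*c.RunAsNonRoot {
		out = append(out, name+": runAsNonRoot != true")
	}
	if t := c.SeccompProfileType; t != "RuntimeDefault" && t != "Localhost" {
		out = append(out, name+": seccompProfile")
	}
	return out
}

// Restricted returns the container settings the error message asks for.
func Restricted() SecurityContext {
	no, yes := false, true
	return SecurityContext{&no, &yes, []string{"ALL"}, "RuntimeDefault"}
}

func main() {
	// Constructed sample: the "pause" container with nothing set, then hardened.
	fmt.Println(RestrictedViolations("pause", SecurityContext{}, SecurityContext{}))
	fmt.Println(RestrictedViolations("pause", SecurityContext{}, Restricted()))
}
```

In a real test helper the same four values go on the container's `securityContext` in the pod spec that the test creates.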