Uploaded image for project: 'Red Hat OpenShift Dev Spaces (formerly CodeReady Workspaces) '
  1. Red Hat OpenShift Dev Spaces (formerly CodeReady Workspaces)
  2. CRW-3554

Dashboard ignores "disableContainerBuildCapabilities: true" CheCluster property when there is "openShiftSecurityContextConstraint: container-build"

    XMLWordPrintable

Details

    • False
    • None
    • False
    • Release Notes
    • Hide
      = Workspaces failed to start with a clone of a Git repository on some {prod-short} instances

      Before this update, there was a regression in the {prod-short} instances that had been installed through the OpenShift web console. {prod-short} failed to link:https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.3/html-single/user_guide/index#starting-a-new-workspace-with-a-clone-of-a-git-repository[start workspaces with a clone of a Git repository], displaying an Operator permission error. With this update, this issue is resolved, and users on the affected {prod-short} instances can start new workspaces by supplying the URL of a remote Git repository.
      Show
      = Workspaces failed to start with a clone of a Git repository on some {prod-short} instances Before this update, there was a regression in the {prod-short} instances that had been installed through the OpenShift web console. {prod-short} failed to link: https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.3/html-single/user_guide/index#starting-a-new-workspace-with-a-clone-of-a-git-repository [start workspaces with a clone of a Git repository], displaying an Operator permission error. With this update, this issue is resolved, and users on the affected {prod-short} instances can start new workspaces by supplying the URL of a remote Git repository.
    • Bug Fix
    • Rejected

    Description

      Description of problem:

      There were 2 problems:

      • Dashboard ignores "disableContainerBuildCapabilities: true" CheCluster property when there is "openShiftSecurityContextConstraint: container-build"
      • devspaces operator didn't remove "openShiftSecurityContextConstraint: container-build" property when restore "disableContainerBuildCapabilities: true" in CheCluster manually.

      As a result, it was not possible to start any workspace because of error: "operator does not have permissions to get the 'container-build' SecurityContextConstraints"

      Prerequisites (if any, like setup, operators/versions):

      • DWO 0.17.0: 'registry-proxy.engineering.redhat.com/rh-osbs/devworkspace-operator-bundle:0.17-1, registry-proxy.engineering.redhat.com/rh-osbs/iib:360655'
      • DS 3.3.0.ER-11-16: 'devspaces-operator-bundle:3.3-231'

      Steps to Reproduce

      1. Deploy DevSpaces with "disableContainerBuildCapabilities: false"
      2. Wait on DevSpaces being deployed completely
      3. Go to CheCluster and restore "disableContainerBuildCapabilities: true"

      Actual results:

      There was next un-removed property in CheCluster:

        devEnvironments:
    containerBuildConfiguration:
      openShiftSecurityContextConstraint: container-build

      As result, workspace failed to start because of error "operator does not have permissions to get the 'container-build' SecurityContextConstraints":

      Expected results:

      There was no "openShiftSecurityContextConstraint: container-build" in CheCluster

      Reproducibility (Always/Intermittent/Only Once):

      Always

      Build Details:

      Additional info (Such as Logs, Screenshots, etc):

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem that impairs or prevents the functions of the product. CRW-3561 Getting Started Samples are failing with 'user is not permitted use the container-build SCC'

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          links to

          Web Link Upstream issue "Getting Started Samples are failing with 'user is not permitted use the container-build SCC'"

          Activity

            People

              rhn-support-olorel Oleksii Orel (Inactive)
              dnochevn Dmytro Nochevnov
              Jana Vrbkova Jana Vrbkova
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: