Red Hat OpenShift Dev Spaces (formerly CodeReady Workspaces) / CRW-3623

'Provider "anyuid": Forbidden: not usable by user or serviceaccount, provider restricted: .spec.securityContext.fsGroup: Invalid value' start workspace error


Details

    • Known Issue
    • Workaround Exists
    • Workaround: Delete the DWO pod

    Description

      Description of problem:

      It's not possible to start old or new workspaces in DS 3.3.0 after an upgrade from DS 3.2.0 on OCP 4.10.

      Prerequisites (if any, like setup, operators/versions):

      Steps to Reproduce

      1. Install DS 3.2.0 with DWO 0.17.0 having option
      2. Create and start "microprofile-quickstart" workspace and "php-di" workspace.
      3. Stop the "microprofile-quickstart" and "php-di" workspaces.
      4. Upgrade DS to 3.3.0.
      5. Start "microprofile-quickstart" sample.
      6. Start "Empty workspace" sample.

      Actual results:

      Old and new workspaces failed to start:

      Detected unrecoverable deployment condition: FailedCreate pods "workspacee7f331e190434a79-69d7c69646-" is forbidden: unable to validate against any security context constraint: [provider "anyuid": Forbidden: not usable by user or serviceaccount, provider restricted: .spec.securityContext.fsGroup: Invalid value: []int64{1234}: 1234 is not an allowed group, spec.initContainers[0].securityContext.runAsUser: Invalid value: 1234: must be in the ranges: [1000680000, 1000689999], spec.containers[0].securityContext.runAsUser: Invalid value: 1234: must be in the ranges: [1000680000, 1000689999], spec.containers[1].securityContext.runAsUser: Invalid value: 1234: must be in the ranges: [1000680000, 1000689999], provider "nonroot": Forbidden: not usable by user or serviceaccount, provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount, provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount, provider "hostnetwork": Forbidden: not usable by user or serviceaccount, provider "hostaccess": Forbidden: not usable by user or serviceaccount, provider "node-exporter": Forbidden: not usable by user or serviceaccount, provider "privileged": Forbidden: not usable by user or serviceaccount]

      DevWorkspace Controller logs: devworkspace-controller-manager-85c9d96967-h2t9h-devworkspace-controller.log

      "microprofile-quickstart" DevWorkspace resource: devworkspace-microprofile-quickstart.yaml

      "Empty workspace" DevWorkspace resource: devworkspace-empty-nx49.yaml

      Expected results:

      Old "microprofile-quickstart" workspace and new "Empty workspace" have started successfully.

      Reproducibility (Always/Intermittent/Only Once):

      always on the same OCP 4.10 cluster

      Build Details:

      Additional info (Such as Logs, Screenshots, etc):

      The workspace started successfully after re-installation of DWO (it was required to set `strategy: None` in the DevWorkspace CRDs [1]).

      [1] https://github.com/operator-framework/operator-lifecycle-manager/issues/2830#issuecomment-1206604029

      Also, the workspace start error hasn't been reproduced with a fresh DS 3.3.0 deployed to a clean OCP 4.11 instance.

          People

            amisevsk Angel Misevski
            dnochevn Dmytro Nochevnov
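
For triage, the admission error quoted in this report can be split per SCC to separate the constraints the workspace service account was never granted from the one that was evaluated and rejected the pod's requested IDs. This is an added example, not part of the original report or of the Dev Spaces/DWO code; the function name `parse_scc_denial` and the shortened sample message are constructed here.

```python
import re

# Constructed sample: the admission error from this report, shortened to three providers.
SAMPLE = (
    'pods "workspacee7f331e190434a79-69d7c69646-" is forbidden: unable to validate '
    'against any security context constraint: [provider "anyuid": Forbidden: not usable '
    'by user or serviceaccount, provider restricted: .spec.securityContext.fsGroup: '
    'Invalid value: []int64{1234}: 1234 is not an allowed group, '
    'spec.containers[0].securityContext.runAsUser: Invalid value: 1234: must be in the '
    'ranges: [1000680000, 1000689999], provider "nonroot": Forbidden: not usable by '
    'user or serviceaccount]'
)

# SCC names appear both quoted ("anyuid") and unquoted (restricted) in the message.
PROVIDER = re.compile(r'provider "?([\w-]+)"?: ')
# One field violation: <path>: Invalid value: <value>: <reason>
FIELD = re.compile(r'\.?(spec\.[\w.\[\]]+): Invalid value: (.*?): (.*?)(?=, \.?spec\.|$)')


def parse_scc_denial(message):
    """Return {scc: {"granted": bool, "violations": [(field, value, reason)]}}."""
    start = message.find("[provider ")
    if start < 0:
        return {}
    body = message[start + 1:].rstrip()
    if body.endswith("]"):
        body = body[:-1]  # drop only the bracket that closes the provider list
    marks = list(PROVIDER.finditer(body))
    result = {}
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(body)
        detail = body[m.end():end].rstrip(", ")
        if "not usable by user or serviceaccount" in detail:
            # The SCC is not granted to the requesting user or the pod's service account.
            result[m.group(1)] = {"granted": False, "violations": []}
        else:
            # The SCC was evaluated; these pod fields failed its validation.
            result[m.group(1)] = {"granted": True, "violations": FIELD.findall(detail)}
    return result


if __name__ == "__main__":
    for scc, info in parse_scc_denial(SAMPLE).items():
        print(scc, "granted" if info["granted"] else "not granted")
        for field, value, reason in info["violations"]:
            print(f"  {field} = {value}: {reason}")
```
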