Uploaded image for project: 'OpenShift GitOps'
  1. OpenShift GitOps
  2. GITOPS-2762

Fresh Install on OCP 4.10 fails to start kam and cluster pods

XMLWordPrintable

    • 5
    • False
    • None
    • False
    • Before this update, the cluster and `kam` CLI pods failed to start with a new installation of Openshift GitOps v1.8.0 on the OCP 4.10 cluster. This update fixes the issue and now all pods run as expected.
    • GITOPS Sprint 234

      Description of problem:

      On a new install (not from upgrade) GitOps Operator v1.8.0 on OCP 4.10, both the kam and cluster pods fail to start.

      openshift-gitops 17s Warning FailedCreate replicaset/cluster-7b6c47d84 Error creating: pods "cluster-7b6c47d84-znsrc" is forbidden: unable to validate against any security context constraint: [pod.metadata.annotations.container.seccomp.security.alpha.kubernetes.io/cluster: Forbidden: seccomp may not be set provider "anyuid": Forbidden: not usable by user or serviceaccount provider "nonroot": Forbidden: not usable by user or serviceaccount provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount provider "hostnetwork": Forbidden: not usable by user or serviceaccount provider "hostaccess": Forbidden: not usable by user or serviceaccount provider "node-exporter": Forbidden: not usable by user or serviceaccount provider "privileged": Forbidden: not usable by user or serviceaccount]
      
      openshift-gitops 17s Warning FailedCreate replicaset/cluster-7b6c47d84 Error creating: pods "cluster-7b6c47d84-znsrc" is forbidden: unable to validate against any security context constraint: [pod.metadata.annotations.container.seccomp.security.alpha.kubernetes.io/cluster: Forbidden: seccomp may not be set provider "anyuid": Forbidden: not usable by user or serviceaccount provider "nonroot": Forbidden: not usable by user or serviceaccount provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount provider "hostnetwork": Forbidden: not usable by user or serviceaccount provider "hostaccess": Forbidden: not usable by user or serviceaccount provider "node-exporter": Forbidden: not usable by user or serviceaccount provider "privileged": Forbidden: not usable by user or serviceaccount]
      
      $ oc get deployments -n openshift-gitops
      NAME READY UP-TO-DATE AVAILABLE AGE
      cluster 0/1 0 0 4m32s
      kam 0/1 0 0 4m32s
      openshift-gitops-applicationset-controller 1/1 1 1 4m30s
      openshift-gitops-dex-server 1/1 1 1 4m32s
      openshift-gitops-redis 1/1 1 1 4m30s
      openshift-gitops-repo-server 1/1 1 1 4m30s
      openshift-gitops-server 1/1 1 1 4m30s
      

      Prerequisites (if any, like setup, operators/versions):

      OCP 4.10. Not reproducible on OCP 4.11-4.13

      New install of GitOps Operator v1.8.0, not from an upgrade

      Steps to Reproduce

      1. With no GitOps Operator installed, install GitOps Operator v1.8.0 on OCP 4.10
      2. Check the default instance in the openshift-gitops namespace,
        1. oc get deployments -n openshift-gitops 
        2. observe cluster and kam pods are not running.

      Actual results:

      Follow the steps to reproduce, cluster and kam pods are not running..

      Expected results:

      Follow the steps to reproduce, all pods should be running.

      Reproducibility (Always/Intermittent/Only Once):

      Always

      Build Details:

      Additional info (Such as Logs, Screenshots, etc):

       

      Acceptance Criteria:

      1. Expect the pod to be running without problem (e.g. failure of start)
      2. We have test this, make sure the test FAIL at the moment.
      3. When you fix it, make sure PASS.
      4. Bring this down to midstream (CPaaS and so on ...)
      5. Release Note are are required as well.

       

      DoD:

      1. The relevant tests are passing
      2. Documentation is present
      3. It's part of the release for 1.8.2

       

            rhn-support-vab Varsha B
            wtam_at_redhat William Tam
            Votes:
            0 Vote for this issue
            Watchers:
            10 Start watching this issue

              Created:
              Updated:
              Resolved: