Details
-
Bug
-
Resolution: Done
-
Critical
-
1.8.0
-
5
-
False
-
None
-
False
-
Before this update, the cluster and `kam` CLI pods failed to start with a new installation of Openshift GitOps v1.8.0 on the OCP 4.10 cluster. This update fixes the issue and now all pods run as expected.
-
GITOPS Sprint 234
Description
Description of problem:
On a new install (not from upgrade) GitOps Operator v1.8.0 on OCP 4.10, both the kam and cluster pods fail to start.
openshift-gitops 17s Warning FailedCreate replicaset/cluster-7b6c47d84 Error creating: pods "cluster-7b6c47d84-znsrc" is forbidden: unable to validate against any security context constraint: [pod.metadata.annotations.container.seccomp.security.alpha.kubernetes.io/cluster: Forbidden: seccomp may not be set provider "anyuid": Forbidden: not usable by user or serviceaccount provider "nonroot": Forbidden: not usable by user or serviceaccount provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount provider "hostnetwork": Forbidden: not usable by user or serviceaccount provider "hostaccess": Forbidden: not usable by user or serviceaccount provider "node-exporter": Forbidden: not usable by user or serviceaccount provider "privileged": Forbidden: not usable by user or serviceaccount]
openshift-gitops 17s Warning FailedCreate replicaset/cluster-7b6c47d84 Error creating: pods "cluster-7b6c47d84-znsrc" is forbidden: unable to validate against any security context constraint: [pod.metadata.annotations.container.seccomp.security.alpha.kubernetes.io/cluster: Forbidden: seccomp may not be set provider "anyuid": Forbidden: not usable by user or serviceaccount provider "nonroot": Forbidden: not usable by user or serviceaccount provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount provider "hostnetwork": Forbidden: not usable by user or serviceaccount provider "hostaccess": Forbidden: not usable by user or serviceaccount provider "node-exporter": Forbidden: not usable by user or serviceaccount provider "privileged": Forbidden: not usable by user or serviceaccount]
$ oc get deployments -n openshift-gitops NAME READY UP-TO-DATE AVAILABLE AGE cluster 0/1 0 0 4m32s kam 0/1 0 0 4m32s openshift-gitops-applicationset-controller 1/1 1 1 4m30s openshift-gitops-dex-server 1/1 1 1 4m32s openshift-gitops-redis 1/1 1 1 4m30s openshift-gitops-repo-server 1/1 1 1 4m30s openshift-gitops-server 1/1 1 1 4m30s
Prerequisites (if any, like setup, operators/versions):
OCP 4.10. Not reproducible on OCP 4.11-4.13
New install of GitOps Operator v1.8.0, not from an upgrade
Steps to Reproduce
- With no GitOps Operator installed, install GitOps Operator v1.8.0 on OCP 4.10
- Check the default instance in the openshift-gitops namespace,
- oc get deployments -n openshift-gitops
- observe cluster and kam pods are not running.
Actual results:
Follow the steps to reproduce, cluster and kam pods are not running..
Expected results:
Follow the steps to reproduce, all pods should be running.
Reproducibility (Always/Intermittent/Only Once):
Always
Build Details:
Additional info (Such as Logs, Screenshots, etc):
Acceptance Criteria:
- Expect the pod to be running without problem (e.g. failure of start)
- We have test this, make sure the test FAIL at the moment.
- When you fix it, make sure PASS.
- Bring this down to midstream (CPaaS and so on ...)
- Release Note are are required as well.
DoD:
- The relevant tests are passing
- Documentation is present
- It's part of the release for 1.8.2
Attachments
Issue Links
- is documented by
-
RHDEVDOCS-5089 GitOps 1.8.2 release notes
-
- Closed
-