OpenShift GitOps / GITOPS-3603

Redis pod fails to start on OpenShift 4.14

Details

    • Bug
    • Resolution: Done
    • Major
    • None
    • None
    • None
    • 3
    • False
    • None
    • False
    • GITOPS Sprint 3248, GITOPS Sprint 3250, GITOPS Sprint 3251, GITOPS Sprint 3252, GITOPS Sprint 3253, GITOPS Sprint 3254, GitOps Crimson - Sprint 3255

    Description

      Description of problem:

      When deploying an instance of Argo CD into a namespace in 4.14, the redis pod fails to start as it is forbidden. Adding the anyuid SCC to the redis and redis-ha service accounts gets things going again.

      Prerequisites (if any, like setup, operators/versions):

      Steps to Reproduce

      Deploy a namespace-scoped instance into a new namespace. If you check the redis deployment, you will see that no pods are created and the Deployment is showing the following in its status field:

          - type: ReplicaFailure
            status: 'True'
            lastUpdateTime: '2023-11-14T17:53:40Z'
            lastTransitionTime: '2023-11-14T17:53:40Z'
            reason: FailedCreate
            message: >-
              pods "argocd-redis-75db4ffcc5-" is forbidden: unable to validate against
              any security context constraint: [provider "anyuid": Forbidden: not
              usable by user or serviceaccount, provider "pipelines-scc": Forbidden:
              not usable by user or serviceaccount, provider restricted-v2:
              .containers[0].runAsUser: Invalid value: 999: must be in the ranges:
              [1001060000, 1001069999], provider "restricted": Forbidden: not usable
              by user or serviceaccount, provider "nonroot-v2": Forbidden: not usable
              by user or serviceaccount, provider "nonroot": Forbidden: not usable by
              user or serviceaccount, provider "hostmount-anyuid": Forbidden: not
              usable by user or serviceaccount, provider
              "machine-api-termination-handler": Forbidden: not usable by user or
              serviceaccount, provider "hostnetwork-v2": Forbidden: not usable by user
              or serviceaccount, provider "hostnetwork": Forbidden: not usable by user
              or serviceaccount, provider "hostaccess": Forbidden: not usable by user
              or serviceaccount, provider "lvms-vgmanager": Forbidden: not usable by
              user or serviceaccount, provider "lvms-topolvm-node": Forbidden: not
              usable by user or serviceaccount, provider "rook-ceph": Forbidden: not
              usable by user or serviceaccount, provider "node-exporter": Forbidden:
              not usable by user or serviceaccount, provider "rook-ceph-csi":
              Forbidden: not usable by user or serviceaccount, provider "privileged":
              Forbidden: not usable by user or serviceaccount] 

      Actual results:

      See above

      Expected results:
      Redis pod starts

      Reproducibility (Always/Intermittent/Only Once):

      Acceptance criteria: 

      Redis pod starts

      Definition of Done:

      Build Details:

      Additional info (Such as Logs, Screenshots, etc):

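An added example, not part of the original report and not the operator's code: a small Python parser that splits the FailedCreate message quoted above into per-SCC reasons, separating the SCCs the service account has not been granted from the one that was usable but rejected the fixed `runAsUser`. The sample message is a constructed, shortened copy of the one in the report, and the function names are hypothetical.

```python
import re

# Constructed sample: the message quoted above, shortened to three providers.
SAMPLE = (
    'pods "argocd-redis-75db4ffcc5-" is forbidden: unable to validate against '
    'any security context constraint: [provider "anyuid": Forbidden: not '
    'usable by user or serviceaccount, provider restricted-v2: '
    '.containers[0].runAsUser: Invalid value: 999: must be in the ranges: '
    '[1001060000, 1001069999], provider "privileged": Forbidden: not usable '
    'by user or serviceaccount]'
)

PROVIDER = re.compile(r'provider "?([\w.-]+)"?: ')
UID_RANGE = re.compile(
    r'(\S+runAsUser): Invalid value: (\d+): must be in the ranges: '
    r'\[(\d+), (\d+)\]'
)


def parse_scc_denial(message):
    """Return {scc_name: reason} for every provider listed in the denial."""
    text = ' '.join(message.split())  # undo YAML line folding
    body = text[text.index('[provider') + 1:text.rindex(']')]
    marks = list(PROVIDER.finditer(body))
    reasons = {}
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(body)
        reasons[m.group(1)] = body[m.end():end].rstrip(', ')
    return reasons


def triage(message):
    """Split providers into SCCs the service account was not granted and
    SCCs that were usable but rejected a fixed runAsUser in the pod spec."""
    not_granted, uid_violations = [], []
    for scc, reason in parse_scc_denial(message).items():
        m = UID_RANGE.search(reason)
        if m:
            uid, lo, hi = (int(g) for g in m.group(2, 3, 4))
            uid_violations.append({'scc': scc, 'field': m.group(1), 'uid': uid,
                                   'allowed': (lo, hi),
                                   'in_range': lo <= uid <= hi})
        elif 'not usable by user or serviceaccount' in reason:
            not_granted.append(scc)
    return not_granted, uid_violations


if __name__ == '__main__':
    print(triage(SAMPLE))
```

In the reported message, restricted-v2 is the only provider whose reason is a field violation rather than "not usable by user or serviceaccount", so the hardcoded UID 999 is the value to compare against the namespace's allowed range.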

          People

            rh-ee-ansingh Anand Singh
            gnunn@redhat.com Gerald Nunn