Loading...

XML

Word

Printable

Type: Story
Resolution: Done
Priority: Minor
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
None

Blocked:
False
Blocked Reason:
None
Ready:
False
Epic Link:
house keeping 4.13

Sprint:
Hypershift Sprint 233, Hypershift Sprint 234
Cost of Delay:
0
WSJF:
0
Risk Score:
0

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

The Hypershift operator deployment fails when we try to deploy it in the RootCI server which has the PSA enabled. So we need to make the hypershift operator deployment restricted PSA compliant

Event:

0s          Warning   FailedCreate        replicaset/operator-66cc5794c9       (combined from similar events): Error creating: pods "operator-66cc5794c9-k2sq7" is forbidden: violates PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "operator" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "operator" must set securityContext.capabilities.drop=["ALL"]), seccompProfile (pod or container "operator" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")

links to

openshift/hypershift#2333: HOSTEDCP-938: Added PSA default profile to RunTimeDefault in operator deployment

mentioned on

Merge request - Bump IBM integration to our latest prod image.

Assignee:: Juan Manuel Parrilla Madrid

Reporter:: Juan Manuel Parrilla Madrid

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2023/03/27 2:44 PM

Updated:: 2024/01/23 9:09 PM

Resolved:: 2023/03/29 9:05 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates