  1. JBoss Enterprise Application Platform
  2. JBEAP-24968

Operator was not installed on OCP 4.14 due to the new pod security standards


    • Bug
    • Resolution: Unresolved
    • Critical
    • OP-2.4.0.GA
    • Operator

      On OCP 4.14 the operator cannot be installed.

      In the Operator Lifecycle Manager log

      oc logs pod/catalog-operator-66847cb574-5nwgd -n openshift-operator-lifecycle-manager
      

      there is an error message

      failed: couldn't ensure registry server - error ensuring pod: : error creating new pod: eap-operator-: pods "eap-operator-5vmfd" is forbidden: violates PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "configmap-registry-server" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "configmap-registry-server" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "configmap-registry-server" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "configmap-registry-server" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
      

      Full log catalog-operator-66847cb574-5nwgd.log is attached.

      This looks similar to the previously seen issue https://issues.redhat.com/browse/JBEAP-24518 in OCP 4.13.

      It might be related to the new pod security standards as described in https://sdk.operatorframework.io/docs/best-practices/pod-security-standards/.

            dcihak@redhat.com Daniel Cihak
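
      Added example (not part of the original report and not the operator's or OLM's code): a simplified pre-check of a pod spec against only the four "restricted" requirements named in the error message above. The function name, the sample specs and the image value are constructed placeholders; the effective-value handling of pod-level versus container-level settings is a simplification of what the admission controller does.

```python
# Pre-check for the four PodSecurity "restricted" requirements quoted in the log.
# Simplification: a container-level setting overrides the pod-level one.
ALLOWED_SECCOMP = {"RuntimeDefault", "Localhost"}


def restricted_violations(pod_spec):
    """Return {container_name: [violation, ...]} for the four checks in the log."""
    pod_sc = pod_spec.get("securityContext") or {}
    containers = (pod_spec.get("initContainers") or []) + (pod_spec.get("containers") or [])
    report = {}
    for c in containers:
        sc = c.get("securityContext") or {}
        found = []
        # Container-level only: must be explicitly false, unset is a violation.
        if sc.get("allowPrivilegeEscalation") is not False:
            found.append("allowPrivilegeEscalation != false")
        # Container-level only: the drop list must contain "ALL".
        if "ALL" not in ((sc.get("capabilities") or {}).get("drop") or []):
            found.append("unrestricted capabilities")
        # Pod or container level.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            found.append("runAsNonRoot != true")
        seccomp = sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}
        if seccomp.get("type") not in ALLOWED_SECCOMP:
            found.append("seccompProfile")
        if found:
            report[c["name"]] = found
    return report


# Constructed samples: the container name comes from the log, the image is a placeholder.
UNHARDENED = {"containers": [{"name": "configmap-registry-server",
                              "image": "registry.example/placeholder"}]}
HARDENED = {
    "securityContext": {"runAsNonRoot": True,
                        "seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [{
        "name": "configmap-registry-server",
        "image": "registry.example/placeholder",
        "securityContext": {"allowPrivilegeEscalation": False,
                            "capabilities": {"drop": ["ALL"]}},
    }],
}

if __name__ == "__main__":
    for label, spec in (("unhardened", UNHARDENED), ("hardened", HARDENED)):
        print(label, restricted_violations(spec))
```

      The unhardened sample reports the same four violations, in the same order, as the catalog-operator log; the hardened sample reports none.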