Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-24968

Operator was not installed on OCP 4.14 due to the new pod security standards

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Critical Critical
    • None
    • OP-2.4.0.GA
    • Operator
    • None
    • False
    • None
    • False

      On OCP 4.14 operator can no be installed.

      In the Operator Lifecycle Manager log

      oc logs pod/catalog-operator-66847cb574-5nwgd -n openshift-operator-lifecycle-manager
      

      there is an error message

      failed: couldn't ensure registry server - error ensuring pod: : error creating new pod: eap-operator-: pods "eap-operator-5vmfd" is forbidden: violates PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "configmap-registry-server" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "configmap-registry-server" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "configmap-registry-server" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "configmap-registry-server" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
      

      Full log catalog-operator-66847cb574-5nwgd.log is attached.

      This looks similar to the previously seen issue https://issues.redhat.com/browse/JBEAP-24518 in OCP 4.13.

      It might be related to the new pod security standards as described in https://sdk.operatorframework.io/docs/best-practices/pod-security-standards/.

              dcihak@redhat.com Daniel Cihak
              dcihak@redhat.com Daniel Cihak
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: