Running the operator in jws-namespace and using config/samples/web.servers.org_webservers_image_webapp_sources_cr.yaml gives the following log in the jws-app-build pod:
+++
time="2022-04-19T15:25:23Z" level=error msg="Error while applying layer: ApplyLayer exit status 1 stdout: stderr: potentially insufficient UIDs or GIDs available in user namespace (requested 0:42 for /etc/gshadow): Check /etc/subuid and /etc/subgid: lchown /etc/gshadow: invalid argument"
error creating build container: writing blob: adding layer with blob "sha256:15d25916112e2ac87189b0b3ffbb32141d1d82d9860e0d74f9c6a70f7c2a9e8a": ApplyLayer exit status 1 stdout: stderr: potentially insufficient UIDs or GIDs available in user namespace (requested 0:42 for /etc/gshadow): Check /etc/subuid and /etc/subgid: lchown /etc/gshadow: invalid argument
time="2022-04-19T15:25:23Z" level=error msg="exit status 125"
time="2022-04-19T15:25:23Z" level=warning msg="error running newgidmap: fork/exec /usr/bin/newgidmap: operation not permitted: "
time="2022-04-19T15:25:23Z" level=warning msg="falling back to single mapping"
time="2022-04-19T15:25:23Z" level=warning msg="error running newuidmap: fork/exec /usr/bin/newuidmap: operation not permitted: "
time="2022-04-19T15:25:23Z" level=warning msg="falling back to single mapping"
error pushing image "quay.io/jfclere/test" to "docker://quay.io/jfclere/test": quay.io/jfclere/test: image not known
time="2022-04-19T15:25:23Z" level=error msg="exit status 125
+++
The way to work around is:
oc adm policy add-scc-to-user anyuid -z builder -n jclere-namespace