Uploaded image for project: 'Openshift sandboxed containers'
  1. Openshift sandboxed containers
  2. KATA-1569

Uninstalling the operator doesn't delete the SCC

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Medium Medium
    • OCP 4.11
    • None
    • Operator
    • False
    • None
    • False
    • Kata Sprint #220
    • 0
    • 0
    • Medium

      Description

      Steps to reproduce

      1. Install OSC from the operator hub
      2. Uninstall OSC
      3. Do: 

      oc get scc sandboxed-containers-operator-scc

      Expected result

       

      Error from server (NotFound): securitycontextconstraints.security.openshift.io "sandboxed-containers-operator-scc" not found

       

       

      Actual result

      NAME                                PRIV    CAPS                    SELINUX     RUNASUSER          FSGROUP    SUPGROUP   PRIORITY     READONLYROOTFS   VOLUMES
sandboxed-containers-operator-scc   false   ["DAC_READ_OVERRIDE"]   MustRunAs   MustRunAsNonRoot   RunAsAny   RunAsAny   <no value>   false            ["*"]

      Impact

      Leaving resources behind is bad.

      Env

       

      Bug was found by MCO team while working on BZ 2057545.

      Additional helpful info

      Workaround is to manually delete the SCC after OSC was uninstalled:

      oc delete scc sandboxed-containers-operator-scc

              bpradipt Pradipta Banerjee
              rhgkurz Greg Kurz
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated:
                Resolved: