Uploaded image for project: 'Openshift sandboxed containers'
  1. Openshift sandboxed containers
  2. KATA-1569

Uninstalling the operator doesn't delete the SCC

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Medium
    • OCP 4.11
    • None
    • Operator
    • False
    • None
    • False
    • Kata Sprint #220
    • 0
    • 0
    • Medium

    Description

      Description

      Steps to reproduce

      1. Install OSC from the operator hub
      2. Uninstall OSC
      3. Do:

      oc get scc sandboxed-containers-operator-scc

      Expected result

       

      Error from server (NotFound): securitycontextconstraints.security.openshift.io "sandboxed-containers-operator-scc" not found 

       

       

      Actual result

      NAME                                PRIV    CAPS                    SELINUX     RUNASUSER          FSGROUP    SUPGROUP   PRIORITY     READONLYROOTFS   VOLUMES
      sandboxed-containers-operator-scc   false   ["DAC_READ_OVERRIDE"]   MustRunAs   MustRunAsNonRoot   RunAsAny   RunAsAny   <no value>   false            ["*"]
       

      Impact

      Leaving resources behind is bad.

      Env

       

      Bug was found by MCO team while working on BZ 2057545.

      Additional helpful info

      Workaround is to manually delete the SCC after OSC was uninstalled:

      oc delete scc sandboxed-containers-operator-scc 

      Attachments

        Activity

          People

            bpradipt Pradipta Banerjee
            rhgkurz Greg Kurz
            Votes:
            0 Vote for this issue
            Watchers:
            8 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: