Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-3201

Unable to install Elasticsearch operator from upstream repo on OCP 4.12

    XMLWordPrintable

Details

    • False
    • None
    • False
    • NEW
    • VERIFIED
    • Log Storage - Sprint 226

    Description

      PodSecurity violation Error while trying to install Loki Operator on OCP 4.12 from upstream repo.

      FATA[0008] Failed to run bundle: create catalog: error creating registry pod: error creating pod: pods "quay-io-rhn-support-kbharti-loki-operator-bundle-v0-0-1" is forbidden: violates PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "registry-grpc" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "registry-grpc" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "registry-grpc" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "registry-grpc" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost") 
make: *** [Makefile:237: olm-deploy] Error 1

       Steps to reproduce:
      1) clone upsteam repo openshift/loki.
      2) Run below cmd under under loki/operators.

      make olm-deploy REGISTRY_ORG=<quay-account-name> VERSION=<version>

      OCP version: 4.12

      Installation works fine on OCP 4.11

      Attachments

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. LOG-3169 Unable to install Loki operator from upstream repo on OCP 4.12

          • Minor - To be worked after urgent, high, and medium priorities are resolved. This term is chosen when the severity of the issue is low, or the complexity or effort to correct it may be higher, relatively speaking. For low priority issues, known workarounds exist or are not needed due to the trivial effort needed to address the issue.
          • Closed
          depends on

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-1666 'run bundle'failed because of the request of PodSecurity

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed
          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. LOG-3202 [release-5.5] Unable to install Elasticsearch operator from upstream repo on OCP 4.12

          • Minor - To be worked after urgent, high, and medium priorities are resolved. This term is chosen when the severity of the issue is low, or the complexity or effort to correct it may be higher, relatively speaking. For low priority issues, known workarounds exist or are not needed due to the trivial effort needed to address the issue.
          • Closed
          links to

          GitHub openshift/cluster-logging-operator#1709: [release-5.5] LOG-3207 vector tag fix cherry-pick release-5.5

          GitHub openshift/elasticsearch-operator#950: Upgrade operator-sdk to v1.24.1

          mentioned on

          GitLab Merge request - Updated 2 upstream sources

          Activity

            People

              ptsiraki@redhat.com Periklis Tsirakidis
              rhn-support-kbharti Kabir Bharti
              Kabir Bharti Kabir Bharti
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: