-
Bug
-
Resolution: Done-Errata
-
Normal
-
None
-
None
-
False
-
None
-
False
-
-
Migrations from vSphere to some namespace fail with "pods "vc7-plan-use-default-vm-108-pvcinit-" is forbidden: unable to validate against any security context constraint":
- oc describe plan vc7-plan-use-default -n openshift-mtv
Name: vc7-plan-use-defaultNamespace: openshift-mtv
Labels: <none>
Annotations: populatorLabels: True
API Version: forklift.konveyor.io/v1beta1
Kind: Plan
Metadata:
Creation Timestamp: 2024-03-15T08:43:09Z
Generation: 1
Resource Version: 18525640
UID: d9b20a4d-a479-4b9e-9e63-11d28304b774
Spec:
Description:
Map:
Network:
Name: networkmap-vc7-cert
Namespace: default Storage:
Name: storagemap-vc7-cert
Namespace: default Provider:
Destination:
Name: host
Namespace: openshift-mtv
Source:
Name: vc7.0.3-verify-cert
Namespace: default Target Namespace: openshift-mtv
Vms:
Name: esx7.0-rhel8.9-x86_64
Warm: falseStatus:
Conditions:
Category: Required
Last Transition Time: 2024-03-15T08:43:15Z
Message: The migration plan is ready.
Status: True
Type: Ready
Category: Advisory
Durable: true Last Transition Time: 2024-03-15T08:43:37Z
Message: The plan execution has FAILED.
Status: True
Type: Failed
Category: Warn
Items:
id:vm-108 name:'esx7.0-rhel8.9-x86_64'
Last Transition Time: 2024-03-15T08:43:40Z
Message: Target VM name does not comply with DNS1123 RFC, will be automatically changed.
Reason: NotValid
Status: True
Type: TargetNameNotValid
Migration:
Completed: 2024-03-15T08:43:37Z
History:
Conditions:
Category: Advisory
Durable: true Last Transition Time: 2024-03-15T08:43:37Z
Message: The plan execution has FAILED.
Status: True
Type: Failed
Map:
Network:
Generation: 1
Name: networkmap-vc7-cert
Namespace: default UID: 03549ee3-3a9e-41a0-bd5d-13c136a00ecf
Storage:
Generation: 1
Name: storagemap-vc7-cert
Namespace: default UID: 693abeb0-d10e-4453-98d7-c26f02af93d4
Migration:
Generation: 1
Name: vc7-plan-use-default-1710492201042
Namespace: openshift-mtv
UID: d4f20174-81e5-4c89-aba6-e39de6f90159
Plan:
Generation: 1
Name: vc7-plan-use-default Namespace: openshift-mtv
UID: d9b20a4d-a479-4b9e-9e63-11d28304b774
Provider:
Destination:
Generation: 1
Name: host
Namespace: openshift-mtv
UID: 6b7a63e1-fc79-4653-9b6a-6f847afe93af
Source:
Generation: 2
Name: vc7.0.3-verify-cert
Namespace: default UID: a4c67644-4aaa-4ae2-b9f5-fa7ccf296d0c
Started: 2024-03-15T08:43:21Z
Vms:
Completed: 2024-03-15T08:43:37Z
Conditions:
Category: Advisory
Durable: true Last Transition Time: 2024-03-15T08:43:34Z
Message: The VM migration has FAILED.
Status: True
Type: Failed
Error:
Phase: CreateDataVolumes
Reasons:
pods "vc7-plan-use-default-vm-108-pvcinit-" is forbidden: unable to validate against any security context constraint: [pod.metadata.annotations[seccomp.security.alpha.kubernetes.io/pod]: Forbidden: seccomp may not be set, pod.metadata.annotations[container.seccomp.security.alpha.kubernetes.io/main]: Forbidden: seccomp may not be set, provider restricted-v2: .containers[0].runAsUser: Invalid value: 107: must be in the ranges: [1000710000, 1000719999], provider "restricted": Forbidden: not usable by user or serviceaccount, provider "containerized-data-importer": Forbidden: not usable by user or serviceaccount, provider "nonroot-v2": Forbidden: not usable by user or serviceaccount, provider "nonroot": Forbidden: not usable by user or serviceaccount, provider "forklift-controller-scc": Forbidden: not usable by user or serviceaccount, provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount, provider "kubevirt-controller": Forbidden: not usable by user or serviceaccount, provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount, provider "bridge-marker": Forbidden: not usable by user or serviceaccount, provider "hostnetwork-v2": Forbidden: not usable by user or serviceaccount, provider "hostnetwork": Forbidden: not usable by user or serviceaccount, provider "hostaccess": Forbidden: not usable by user or serviceaccount, provider "linux-bridge": Forbidden: not usable by user or serviceaccount, provider "kubevirt-handler": Forbidden: not usable by user or serviceaccount, provider "node-exporter": Forbidden: not usable by user or serviceaccount, provider "privileged": Forbidden: not usable by user or serviceaccount]
Id: vm-108
Name: esx7.0-rhel8.9-x86_64
Phase: Completed
Pipeline:
Description: Initialize migration.
Error:
Phase: Running
Reasons:
pods "vc7-plan-use-default-vm-108-pvcinit-" is forbidden: unable to validate against any security context constraint: [pod.metadata.annotations[seccomp.security.alpha.kubernetes.io/pod]: Forbidden: seccomp may not be set, pod.metadata.annotations[container.seccomp.security.alpha.kubernetes.io/main]: Forbidden: seccomp may not be set, provider restricted-v2: .containers[0].runAsUser: Invalid value: 107: must be in the ranges: [1000710000, 1000719999], provider "restricted": Forbidden: not usable by user or serviceaccount, provider "containerized-data-importer": Forbidden: not usable by user or serviceaccount, provider "nonroot-v2": Forbidden: not usable by user or serviceaccount, provider "nonroot": Forbidden: not usable by user or serviceaccount, provider "forklift-controller-scc": Forbidden: not usable by user or serviceaccount, provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount, provider "kubevirt-controller": Forbidden: not usable by user or serviceaccount, provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount, provider "bridge-marker": Forbidden: not usable by user or serviceaccount, provider "hostnetwork-v2": Forbidden: not usable by user or serviceaccount, provider "hostnetwork": Forbidden: not usable by user or serviceaccount, provider "hostaccess": Forbidden: not usable by user or serviceaccount, provider "linux-bridge": Forbidden: not usable by user or serviceaccount, provider "kubevirt-handler": Forbidden: not usable by user or serviceaccount, provider "node-exporter": Forbidden: not usable by user or serviceaccount, provider "privileged": Forbidden: not usable by user or serviceaccount]
Name: Initialize
Phase: Running
Progress:
Completed: 0
Total: 1
Started: 2024-03-15T08:43:21Z
Annotations:
Unit: MB
Description: Allocate disks.
Name: DiskAllocation
Phase: Pending
Progress:
Completed: 0
Total: 16384
Tasks:
Annotations:
Unit: MB
Name: [esx7.0-matrix] esx7.0-rhel8.9-x86_64/esx7.0-rhel8.9-x86_64.vmdk
Progress:
Completed: 0
Total: 16384
Description: Convert image to kubevirt.
Name: ImageConversion
Phase: Pending
Progress:
Completed: 0
Total: 1
Annotations:
Unit: MB
Description: Copy disks.
Name: DiskTransferV2v
Phase: Pending
Progress:
Completed: 0
Total: 16384
Tasks:
Annotations:
Unit: MB
Name: [esx7.0-matrix] esx7.0-rhel8.9-x86_64/esx7.0-rhel8.9-x86_64.vmdk
Progress:
Completed: 0
Total: 16384
Description: Create VM.
Name: VirtualMachineCreation
Phase: Pending
Progress:
Completed: 0
Total: 1
Restore Power State: Off
Started: 2024-03-15T08:43:21Z
Observed Generation: 1
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal ValidatingVDDK 15m (x2 over 15m) plan Validating VDDK init image
Normal ValidatingVDDK 15m (x2 over 15m) plan Validating VDDK init image
Normal ValidatingVDDK 15m (x2 over 15m) plan Validating VDDK init image
Normal ValidatingVDDK 15m (x2 over 15m) plan Validating VDDK init image
Normal Ready 15m plan The migration plan is ready.
Normal Ready 15m plan The migration plan is ready.
Normal Ready 15m plan The migration plan is ready.
Normal Ready 15m plan The migration plan is ready.
Warning TargetNameNotValid 15m (x2 over 15m) plan Target VM name does not comply with DNS1123 RFC, will be automatically changed.
Warning TargetNameNotValid 14m (x3 over 15m) plan Target VM name does not comply with DNS1123 RFC, will be automatically changed.
Warning TargetNameNotValid 14m (x2 over 15m) plan Target VM name does not comply with DNS1123 RFC, will be automatically changed.
Warning TargetNameNotValid 14m (x3 over 15m) plan Target VM name does not comply with DNS1123 RFC, will be automatically changed.
- clones
-
-
- Closed
-
- links to
-
RHBA-2024:128697
MTV 2.5.6 Images