Loading...

XML

Word

Printable

Type: Sub-task
Resolution: Done
Priority: Undefined
Fix Version/s: None
Affects Version/s: None
Component/s: QE-Task
Labels:
None

Story Points:
2
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
QEStatus:
ToDo
Intelligence Requested:
Market:

Cost of Delay:
0
WSJF:
0.000
Risk Probability:
Very Likely
Risk Score:
0

Workstream:

None

Root Cause:
Unset
Failure Category:
Unknown

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

Currently image-stream application is failing due to PSA policies in OCP 4.16 cluster.

 "Failed to create object: b'{\"kind\":\"Status\",\"apiVersion\":\"v1\",\"metadata\":{},\"status\":\"Failure\",\"message\":\"pods \\\\\"usetag-alp\\\\\" is forbidden: violates PodSecurity \\\\\"restricted:v1.24\\\\\": allowPrivilegeEscalation != false (container \\\\\"podtest\\\\\" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container \\\\\"podtest\\\\\" must set securityContext.capabilities.drop=[\\\\\"ALL\\\\\"]), runAsNonRoot != true (pod or container \\\\\"podtest\\\\\" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container \\\\\"podtest\\\\\" must set securityContext.seccompProfile.type to \\\\\"RuntimeDefault\\\\\" or \\\\\"Localhost\\\\\")\",\"reason\":\"Forbidden\",\"details\":{\"name\":\"usetag-alp\",\"kind\":\"pods\"},\"code\":403}\\n'", "reason": "Forbidden", "status": 403} 2024-05-27 11:21:59,558 p=150076 u=1002280000 n=ansible | failed: [localhost] (item=Create pod for image image-registry.openshift-image-registry.svc:5000/test-oadp-98-kopia/internal-image:busy) => {"ansible_loop_var": "item", "changed": false, "error": 403, "item": {"external_image_name": "quay.io/migqe/busybox", "external_image_tag": 1.35, "extra_tags": [{"alias": false, "name": "tag3"}, {"alias": false, "name": "latest"}, {"alias": true, "name": "tag4"}], "internal_image_name": "internal-image", "internal_image_tag": "busy"}, "msg": "Failed to create object: b'{\"kind\":\"Status\",\"apiVersion\":\"v1\",\"metadata\":{},\"status\":\"Failure\",\"message\":\"pods \\\\\"usetag-busy\\\\\" is forbidden: violates PodSecurity \\\\\"restricted:v1.24\\\\\": allowPrivilegeEscalation != false (container \\\\\"podtest\\\\\" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container \\\\\"podtest\\\\\" must set securityContext.capabilities.drop=[\\\\\"ALL\\\\\"]), runAsNonRoot != true (pod or container \\\\\"podtest\\\\\" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container \\\\\"podtest\\\\\" must set securityContext.seccompProfile.type to \\\\\"RuntimeDefault\\\\\" or \\\\\"Localhost\\\\\")\",\"reason\":\"Forbidden\",\"details\":{\"name\":\"usetag-busy\",\"kind\":\"pods\"},\"code\":403}\\n'", "reason": "Forbidden", "status": 403}

mentioned on

Merge request - Fix previledge issue

Assignee:: Prasad Joshi

Reporter:: Prasad Joshi

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2024/05/29 6:14 AM

Updated:: 2024/05/29 10:20 AM

Resolved:: 2024/05/29 10:20 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates