Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Critical
Fix Version/s: None
Affects Version/s: 4.12.0
Component/s: Networking / SR-IOV
Labels:
- 4.12_TELCO_RAN_GA
- telco-priority-1

Activity Type:
Quality / Stability / Reliability
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Story Points:
None
Severity:
Critical
Regression:
None

Target Backport Versions:
None
Target Version:
None
Release Blocker:
Rejected
Sprint:
None

Internal Whiteboard:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Release Note Status:
None
Release Note Type:
None
Release Note Text:
None

Escape Reason:
None
Escape Impact:
None
Corrective Measures:
None
SDLC stage when should've been found:
None

Description of problem:

setup sriov 4.12 operator, the sriov config daemon pod cannot be ready due to 

83s         Warning   FailedCreate          daemonset/sriov-network-config-daemon                              (combined from similar events): Error creating: pods "sriov-network-config-daemon-r2985" is forbidden: violates PodSecurity "restricted:latest": host namespaces (hostNetwork=true, hostPID=true), privileged (containers "sriov-cni", "sriov-infiniband-cni", "sriov-network-config-daemon" must not set securityContext.privileged=true), allowPrivilegeEscalation != false (containers "sriov-cni", "sriov-infiniband-cni", "sriov-network-config-daemon" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (containers "sriov-cni", "sriov-infiniband-cni", "sriov-network-config-daemon" must set securityContext.capabilities.drop=["ALL"]), restricted volume types (volumes "host", "cnibin" use restricted volume type "hostPath"), runAsNonRoot != true (pod or containers "sriov-cni", "sriov-infiniband-cni", "sriov-network-config-daemon" must set securityContext.runAsNonRoot=true), seccompProfile (pod or containers "sriov-cni", "sriov-infiniband-cni", "sriov-network-config-daemon" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")




# oc get ds -n openshift-sriov-network-operator
NAME                          DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR                                                 AGE
network-resources-injector    3         3         3       3            3           beta.kubernetes.io/os=linux                                   13h
operator-webhook              3         3         3       3            3           beta.kubernetes.io/os=linux                                   13h
sriov-network-config-daemon   0         0         0       0            0           beta.kubernetes.io/os=linux,node-role.kubernetes.io/worker=   13h

Version-Release number of selected component (if applicable):

4.12.0-0.nightly-2022-09-07-032607
4.12.0-202209071228

How reproducible:

always

Steps to Reproduce:

1. setup 4.12 cluster
2. setup sriov operator 
3.

Actual results:

sriov config daemon pods cannot be ready

Expected results:

sriov config daemon pods can be ready

Additional info:

is cloned by

OCPBUGS-2126 sriov config daemon pod crash

Closed

Assignee:: Balazs Nemeth

Reporter:: Zhanqi Zhao

Need Info From:: None

Contributors:: None

QA Contact:: Zhanqi Zhao

Doc Contact:: None

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Created:: 2022/09/08 6:43 AM

Updated:: 2025/07/29 11:33 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates