- Bug
- Resolution: Done
- Critical
- 4.12.0
- Critical
- None
- OSDK 232, OPECO 233
- 2
- Rejected
- False
- NA
- Release Note Not Required
Description of problem:
operator sdk scorecard test failed because of the request of PodSecurity
Version-Release number of selected component (if applicable):
operator-sdk version: "v1.22.0-ocp", commit: "9a16a5cb237880ee540f89d7768d93a3e4e1635e", kubernetes version: "v1.24.1", go version: "go1.18.1", GOOS: "linux", GOARCH: "amd64"
cluster version: 4.12.0-0.nightly-2022-09-07-112008
How reproducible:
always
Steps to Reproduce:
1. generate one operator and bundle
2. operator-sdk init --plugins=ansible --domain example.com
3. operator-sdk create api --group cache --version v1alpha1 --kind Memcached --generate-role
4. make bundle
5. scorecard test the operator bundle
   operator-sdk scorecard ./bundle -c ./bundle/tests/scorecard/config.yaml -w 60s --selector=test=olm-bundle-validation-test
Actual results:
operator-sdk scorecard ./bundle -c ./bundle/tests/scorecard/config.yaml -w 60s --selector=test=olm-bundle-validation-test
--------------------------------------------------------------------------------
Image:      quay.io/operator-framework/scorecard-test:v1.20.0
Entrypoint: [scorecard-test olm-bundle-validation]
Labels:
    "suite":"olm"
    "test":"olm-bundle-validation-test"
Results:
    State: fail
    Errors:
        pods "scorecard-test-pgqs" is forbidden: violates PodSecurity "restricted:latest": allowPrivilegeEscalation != false (containers "scorecard-untar", "scorecard-test" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (containers "scorecard-untar", "scorecard-test" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or containers "scorecard-untar", "scorecard-test" must set securityContext.runAsNonRoot=true), seccompProfile (pod or containers "scorecard-untar", "scorecard-test" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
Expected results:
operator-sdk scorecard ./bundle -c ./bundle/tests/scorecard/config.yaml -w 60s --selector=test=olm-bundle-validation-test
--------------------------------------------------------------------------------
Image:      quay.io/operator-framework/scorecard-test:v1.20.0
Entrypoint: [scorecard-test olm-bundle-validation]
Labels:
    "suite":"olm"
    "test":"olm-bundle-validation-test"
Results:
    State: Success
Additional info:
- clones
  - OCPBUGS-1665 Scorecard failed because of the request of PodSecurity
  - Closed
- depends on
  - OCPBUGS-10578 Scorecard failed because of the request of PodSecurity
  - Closed
- links to
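
The four conditions listed in the PodSecurity "restricted:latest" rejection above can be checked against a pod spec before it is submitted. The following is an added example, not code from this report or from operator-sdk; it covers only those four conditions (not the full Pod Security Standards), and the pod specs are constructed samples that reuse the container names from the error message.

```python
# Added example: checks only the four "restricted" conditions named in the
# error message above, not the full Kubernetes Pod Security Standards.

def restricted_violations(pod_spec):
    """Return a list of violations for a pod spec given as a plain dict."""
    pod_sc = pod_spec.get("securityContext") or {}
    containers = (pod_spec.get("initContainers") or []) + (pod_spec.get("containers") or [])
    problems = []
    for c in containers:
        name = c["name"]
        sc = c.get("securityContext") or {}
        # Container-only fields: must be set on every container.
        if sc.get("allowPrivilegeEscalation") is not False:
            problems.append(f"{name}: allowPrivilegeEscalation != false")
        if "ALL" not in ((sc.get("capabilities") or {}).get("drop") or []):
            problems.append(f"{name}: unrestricted capabilities")
        # Pod-or-container fields: a container value overrides the pod value.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            problems.append(f"{name}: runAsNonRoot != true")
        profile = sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}
        if profile.get("type") not in ("RuntimeDefault", "Localhost"):
            problems.append(f"{name}: seccompProfile")
    return problems


# Constructed sample: a pod with no securityContext at all, as in the failure.
BARE = {
    "initContainers": [{"name": "scorecard-untar"}],
    "containers": [{"name": "scorecard-test"}],
}

# Constructed sample: the same pod with the settings the error message asks for.
CONTAINER_SC = {"allowPrivilegeEscalation": False, "capabilities": {"drop": ["ALL"]}}
HARDENED = {
    "securityContext": {"runAsNonRoot": True, "seccompProfile": {"type": "RuntimeDefault"}},
    "initContainers": [{"name": "scorecard-untar", "securityContext": CONTAINER_SC}],
    "containers": [{"name": "scorecard-test", "securityContext": CONTAINER_SC}],
}

if __name__ == "__main__":
    for label, spec in (("bare", BARE), ("hardened", HARDENED)):
        print(label, restricted_violations(spec) or "ok")
```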