OpenShift Bugs / OCPBUGS-1969

"oc create deployment" in default namespace fails, violates PodSecurity


    • None
    • Build + Jenkins Sprint 231, Build + Jenkins Sprint 232, Build + Jenkins Sprint 233, Build + Jenkins Sprint #234
    • 4
    • Rejected
    • False

      Description of problem:

      Running `oc create deployment nginx --image=nginx` as kubeadmin in the default project fails with error:
      
      Warning  FailedCreate  <invalid>                      replicaset-controller  Error creating: pods "nginx-8f458dc5b-c4gll" is forbidden: violates PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "nginx" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "nginx" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "nginx" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "nginx" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")

      Version-Release number of selected component (if applicable):

      $ oc version
      Client Version: 4.10.22
      Server Version: 4.12.0-0.nightly-2022-09-28-204419
      Kubernetes Version: v1.24.0+8c7c967

      How reproducible:

      deterministic

      Steps to Reproduce:

      1. Launch 4.12 cluster from latest nightlies
      2. As kubeadmin, run `oc create deployment nginx --image=nginx`.
      3. Validate that the ReplicaSet controller shows the above error.
      

      Actual results:

      ReplicaSet fails to create pod.

      Expected results:

      ReplicaSet succeeds in creating the pod.

      Additional info:

       

              cdaley Corey Daley
              fzdarsky@redhat.com Frank Zdarsky
              Jitendar Singh Jitendar Singh
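
The four violations in the error above, modelled as an added example (not code from the bug report or from OpenShift): a simplified Python check of the fields the message names, run on constructed pod specs. The function and constant names are hypothetical, and `capabilities.add` and the rest of the restricted profile are not checked.

```python
# Added example: models only the four "restricted" checks named in the error
# message above. It is not the Kubernetes PodSecurity admission code.
ESCALATION = "allowPrivilegeEscalation != false"
CAPABILITIES = "unrestricted capabilities"
NON_ROOT = "runAsNonRoot != true"
SECCOMP = "seccompProfile"
ALLOWED_SECCOMP = ("RuntimeDefault", "Localhost")

def restricted_violations(pod_spec):
    """Return the sorted list of violated checks for a PodSpec-shaped dict."""
    pod_sc = pod_spec.get("securityContext") or {}
    pod_seccomp = (pod_sc.get("seccompProfile") or {}).get("type")
    found = set()
    # An explicitly bad pod-level value is a violation by itself.
    if pod_sc.get("runAsNonRoot") is False:
        found.add(NON_ROOT)
    if pod_seccomp is not None and pod_seccomp not in ALLOWED_SECCOMP:
        found.add(SECCOMP)
    for kind in ("containers", "initContainers", "ephemeralContainers"):
        for c in pod_spec.get(kind) or []:
            sc = c.get("securityContext") or {}
            # These two fields exist only at container level.
            if sc.get("allowPrivilegeEscalation") is not False:
                found.add(ESCALATION)
            if "ALL" not in ((sc.get("capabilities") or {}).get("drop") or []):
                found.add(CAPABILITIES)
            # These two are inherited from the pod when the container is silent.
            non_root = sc.get("runAsNonRoot")
            if non_root is None:
                non_root = pod_sc.get("runAsNonRoot")
            if non_root is not True:
                found.add(NON_ROOT)
            seccomp = (sc.get("seccompProfile") or {}).get("type") or pod_seccomp
            if seccomp not in ALLOWED_SECCOMP:
                found.add(SECCOMP)
    return sorted(found)

# Constructed sample: the pod template a bare `--image=nginx` deployment carries.
GENERATED_SPEC = {"containers": [{"name": "nginx", "image": "nginx"}]}

# Constructed sample: the same template with the four fields the error asks for.
HARDENED_SPEC = {
    "securityContext": {"runAsNonRoot": True,
                        "seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [{"name": "nginx", "image": "nginx", "securityContext": {
        "allowPrivilegeEscalation": False,
        "capabilities": {"drop": ["ALL"]}}}],
}

if __name__ == "__main__":
    print(restricted_violations(GENERATED_SPEC))
    print(restricted_violations(HARDENED_SPEC))
```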