OpenShift Bugs / OCPBUGS-2310

linuxptp-daemon pods cannot be created: is forbidden: violates PodSecurity "restricted:latest"


      Description of problem:

      On OCP 4.12 linuxptp-daemon pods cannot be created due to:
      
        Warning  FailedCreate  8s                    daemonset-controller  Error creating: pods "linuxptp-daemon-nzdm6" is forbidden: violates PodSecurity "restricted:latest": host namespaces (hostNetwork=true, hostPID=true), hostPort (container "kube-rbac-proxy" uses hostPort 8443), privileged (container "linuxptp-daemon-container" must not set securityContext.privileged=true), allowPrivilegeEscalation != false (containers "kube-rbac-proxy", "linuxptp-daemon-container" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (containers "kube-rbac-proxy", "linuxptp-daemon-container" must set securityContext.capabilities.drop=["ALL"]), restricted volume types (volume "socket-dir" uses restricted volume type "hostPath"), runAsNonRoot != true (pod or containers "kube-rbac-proxy", "linuxptp-daemon-container" must set securityContext.runAsNonRoot=true), seccompProfile (pod or containers "kube-rbac-proxy", "linuxptp-daemon-container" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
      

      Version-Release number of selected component (if applicable):

      4.12.0-0.nightly-2022-10-05-053337
      ptp-operator.4.12.0-202210070037

      How reproducible:

      100%

      Steps to Reproduce:

      1. Deploy SNO with Telco DU profile applied
      2. Check linuxptp-daemon daemonset 

      Actual results:

      oc -n openshift-ptp get ds linuxptp-daemon
      NAME              DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR            AGE
      linuxptp-daemon   0         0         0       0            0           kubernetes.io/os=linux   18h
      

      Expected results:

      linuxptp-daemon ds is ready

      Additional info:

       

            aputtur@redhat.com Aneesh Puttur
            mcornea@redhat.com Marius Cornea
            Ofer Bochan Ofer Bochan
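
Added example (not part of the original report and not ptp-operator code): a small Python triage helper that splits a Pod Security admission denial like the one in the description into its individual checks and the containers each check names. The event text is a shortened, constructed copy of the message in the report, and the ALSO_BASELINE set is an assumption taken from the upstream Kubernetes Pod Security Standards.

```python
import re
# Constructed sample: the FailedCreate text from the report, shortened to five checks.
EVENT = (
    'Error creating: pods "linuxptp-daemon-nzdm6" is forbidden: violates PodSecurity '
    '"restricted:latest": host namespaces (hostNetwork=true, hostPID=true), hostPort '
    '(container "kube-rbac-proxy" uses hostPort 8443), privileged (container '
    '"linuxptp-daemon-container" must not set securityContext.privileged=true), '
    'allowPrivilegeEscalation != false (containers "kube-rbac-proxy", '
    '"linuxptp-daemon-container" must set securityContext.allowPrivilegeEscalation=false), '
    'restricted volume types (volume "socket-dir" uses restricted volume type "hostPath")'
)
# Assumption from the upstream Pod Security Standards: also forbidden at "baseline".
ALSO_BASELINE = {"host namespaces", "hostPort", "privileged"}
HEADER = re.compile(r'violates PodSecurity "([^":]+):([^"]+)": (.*)', re.S)
NAMES = re.compile(r'(?:pod or )?containers? ((?:"[^"]+"(?:, )?)+)')

def split_top_level(text):
    """Split on commas that sit outside parentheses and double quotes."""
    parts, buf, depth, quoted = [], [], 0, False
    for ch in text:
        if ch == '"':
            quoted = not quoted
        elif not quoted and ch in "()":
            depth = max(depth + (1 if ch == "(" else -1), 0)
        if ch == "," and depth == 0 and not quoted:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return [p.strip() for p in parts if p.strip()]

def parse_violations(message):
    """Return the enforced level, its version and one record per violated check."""
    m = HEADER.search(message)
    if m is None:
        return None  # not a Pod Security admission denial
    level, version, body = m.groups()
    checks = []
    for item in split_top_level(body):
        name, _, detail = item.rstrip(")").partition(" (")
        hit = NAMES.match(detail)  # only details that start by naming containers
        checks.append({"check": name, "detail": detail,
                       "containers": re.findall(r'"([^"]+)"', hit.group(1)) if hit else [],
                       "baseline": name in ALSO_BASELINE})
    return {"level": level, "version": version, "checks": checks}

if __name__ == "__main__":
    for c in parse_violations(EVENT)["checks"]:
        print(c["check"], "| baseline:", c["baseline"], "|", c["containers"])
```

Checks reported with baseline True would also be rejected in a namespace that enforces the baseline level, not only the restricted one.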