-
Bug
-
Resolution: Done-Errata
-
Major
-
4.15.z, 4.16
-
None
This is a clone of issue OCPBUGS-29847. The following is the description of the original issue:
—
Description of problem:
microshift-olm RPM ship openshift-marketplace namespace with "restricted" security which is different from OpenShift's setting. Result is that CatalogSource created by oc-mirror won't work as is: either namespace's security needs to be changed to "baseline" or "privileged", or CatalogSource needs to be edited to include following: spec: grpcPodConfig: securityContextConfig: restricted MicroShift: https://github.com/openshift/microshift/blob/main/assets/optional/operator-lifecycle-manager/0000_50_olm_00-namespace.yaml#L39 OpenShift: https://github.com/operator-framework/operator-marketplace/blob/master/manifests/01_namespace.yaml#L13
Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce:
1. Mirror catalog/operators using oc-mirror 2. Apply generated CatalogSource
Actual results:
Pod for Catalog is not created because of the security (it can be observed in CatalogSource's status).
Expected results:
Catalog's Pod runs
Additional info:
Gdoc draft of OLM's offline/disconnected: https://docs.google.com/document/d/1H7no37mFLLlSo4HVa2zKgWiPLD-j1EarajlHMmGXUds/edit
- clones
-
OCPBUGS-29847 Pod security of openshift-marketplace namespace is too restrictive (should be "baseline")
- Closed
- is blocked by
-
OCPBUGS-29847 Pod security of openshift-marketplace namespace is too restrictive (should be "baseline")
- Closed
- links to
-
RHBA-2024:1451 Red Hat build of MicroShift 4.15.z bug fix and enhancement update