Details
-
Bug
-
Resolution: Done
-
Major
-
None
-
4.11.z
-
None
-
Rejected
-
False
-
Description
Description of problem:
pod / application start problem on ocp 4.11
Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce:
We have installed a new openshift cluster, version 4.11 and we are going to migrate our applications from old cluster to new cluster. Old cluster version is 4.8. DevOps team updated their ci/cd pipeline and if a deployment starts to a project, it deploys on both clusters. However, pods in new cluster cant start, they get "exec /app/run-java.sh: permission denied" error, while pods on old cluster works properly. Also, tested the same deployment on ocp 4.10, there was no problem. We found that, there are some scc changes in ocp 4.11 (https://access.redhat.com/articles/6973044, https://access.redhat.com/solutions/6975936). However, our applications are java based and does not require any high privilege, we are not assigning any special permission like anyuid etc on old clusters. we, also, followed the steps described in KB article,https://access.redhat.com/articles/6973044 and created clusterrolebinding / rolebindings for test nothing changed, pods continue to get permission error. We found that if we change entrypoint in dockerfile from ENTRYPOINT ["/app/run-java.sh"] to ENTRYPOINT ["/bin/sh","/app/run-java.sh"] pods starts working normally. We want to understand that what cause this issue?
Actual results:
Expected results:
Additional info: