Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-63684

Remove Konflux exclusions for PRIVILEGED_NESTED and platform

XMLWordPrintable

    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      Currently the appliance image that the agent-installer Dockerfile uses calls podman to create the registry:

      podman build -f Dockerfile.registry -t registry .

      This requires buildah to be run as root, the following Konflux fields are needed:

        - name: privileged-nested
    value: 'true'
  - name: build-platforms
    value:
    - linux-root/amd64

      When run against the registry-standard suite of tests there are Violations detected because of these settings:

       [Violation] buildah_build_task.platform_param
  ImageRef: quay.io/redhat-user-workloads/ocp-agent-based-installer-tenant/ove-ui-iso@sha256:ceedc8574b22c487e34991c72c844990e67d74c989ba1fa9a676b86a14994bb3
  Reason: PLATFORM parameter value "linux-root/amd64" is disallowed by regex ".*root.*"
  Title: PLATFORM parameter
[Violation] buildah_build_task.privileged_nested_param
  ImageRef: quay.io/redhat-user-workloads/ocp-agent-based-installer-tenant/ove-ui-iso@sha256:ceedc8574b22c487e34991c72c844990e67d74c989ba1fa9a676b86a14994bb3
  Reason: setting PRIVILEGED_NESTED parameter to true is not allowed
  Title: PRIVILEGED_NESTED parameter

      When the registry no longer needs to be built (see https://issues.redhat.com/browse/AGENT-1311) this podman build can be removed, and likewise the PRIVILEGED_NESTED parameter can be to false, and the exclusions removed.

              bfournie@redhat.com Robert Fournier
              bfournie@redhat.com Robert Fournier
              None
              None
              Manoj Hans Manoj Hans
              None
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: