-
Bug
-
Resolution: Unresolved
-
Major
-
4.20
-
None
-
None
-
False
-
-
None
-
None
-
None
-
None
-
None
-
Node Green Sprint 280
-
1
-
In Progress
-
Feature
-
-
None
-
None
-
None
-
None
Description of problem:
SCCs Missing “image” as supported volume type
Version-Release number of selected component (if applicable):
OpenShift 4.20
How reproducible:
Spin up a pod using image volume.
Steps to Reproduce:
https://kubernetes.io/docs/tasks/configure-pod-container/image-volumes/
Actual results:
Error creating: pods "http-echo-5c76855d7f-" is forbidden: unable to validate against any security context constraint: [provider "anyuid": Forbidden: not usable by user or serviceaccount, provider "cert-manager-csi-driver-scc": Forbidden: not usable by user or serviceaccount, spec.volumes[0]: Invalid value: "image": image volumes are not allowed to be used, provider "restricted-v3": Forbidden: not usable by user or serviceaccount, provider "restricted": Forbidden: not usable by user or serviceaccount, provider "nested-container": Forbidden: not usable by user or serviceaccount, provider "nonroot-v2": Forbidden: not usable by user or serviceaccount, provider "nonroot": Forbidden: not usable by user or serviceaccount, provider "noobaa": Forbidden: not usable by user or serviceaccount, provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount, provider "logging-scc": Forbidden: not usable by user or serviceaccount, provider "hostmount-anyuid-v2": Forbidden: not usable by user or serviceaccount, provider "netobserv-ebpf-agent": Forbidden: not usable by user or serviceaccount, provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount, provider "hostnetwork-v2": Forbidden: not usable by user or serviceaccount, provider "hostnetwork": Forbidden: not usable by user or serviceaccount, provider "hostaccess": Forbidden: not usable by user or serviceaccount, provider "insights-runtime-extractor-scc": Forbidden: not usable by user or serviceaccount, provider "rook-ceph": Forbidden: not usable by user or serviceaccount, provider "rook-ceph-csi": Forbidden: not usable by user or serviceaccount, provider "node-exporter": Forbidden: not usable by user or serviceaccount, provider "ceph-csi-op-scc": Forbidden: not usable by user or serviceaccount, provider "privileged": Forbidden: not usable by user or serviceaccount]
Expected results:
For the SCCs to be included and the pod be created with "image" as the support volume.
Additional info:
