OpenShift Bugs / OCPBUGS-72360

Ginkgo test failure: [Apiserver] MicroShift enable SCC admission for pods


    • Bug
    • Resolution: Unresolved
    • 4.21
    • MicroShift
    • uShift Sprint 282

      Description of problem:

      "[sig-api-machinery] API_Server on Microshift [It] Author:rgangwar-MicroShiftBoth-ConnectedOnly-Medium-55394-[Apiserver] MicroShift enable SCC admission for pods test" failed because the pod is created with a missing fsGroup
      

      Version-Release number of selected component (if applicable):

          4.21.0-rc.1 on x86. This is not reproducible on ARM architecture.

      How reproducible:

          always on 4.21.0-rc.1

      Steps to Reproduce:

          1. Run Ginkgo test case: "[sig-api-machinery] API_Server on Microshift [It] Author:rgangwar-MicroShiftBoth-ConnectedOnly-Medium-55394-[Apiserver] MicroShift enable SCC admission for pods test"
          

      Actual results:

       • [PANICKED] [222.518 seconds]
        [sig-api-machinery] API_Server on Microshift [It] Author:rgangwar-MicroShiftBoth-ConnectedOnly-Medium-55394-[Apiserver] MicroShift enable SCC admission for pods
        /tmp/tmp.I4ekJytyWF/openshift-tests-private/test/extended/apiserverauth/apiserver_microshift.go:480
      
          Timeline >>
          STEP: Creating a kubernetes client @ 01/08/26 04:07:05.353
          I0108 04:07:05.368507 507110 client.go:486] Creating namespace "e2e-test-default-wb9lb"
          I0108 04:07:05.380389 507110 client.go:491] Waiting for ServiceAccount "default" to be provisioned...
          I0108 04:07:05.485060 507110 client.go:495] Configuring kubeconfig with user "e2e-test-default-wb9lb-user" certificates...
          I0108 04:07:07.078970 507110 client.go:293] configPath is now "/tmp/configfile4051781145"
          I0108 04:07:07.079012 507110 client.go:498] Waiting for RoleBinding "e2e-test-default-wb9lb-user" to be provisioned...
          I0108 04:07:07.084506 507110 client.go:502] Waiting on permissions in namespace "e2e-test-default-wb9lb" ...
          I0108 04:07:07.364467 507110 client.go:521] Namespace "e2e-test-default-wb9lb" has been fully provisioned.
          I0108 04:07:07.364710 507110 apiserver_microshift.go:37] The cluster should be healthy before running case.
          namespace/r6c171tq created
          namespace "r6c171tq" deleted
          I0108 04:07:13.076170 507110 apiserver_util.go:1892] Cluster sanity check passed
          STEP: 1.Create temporary namespace @ 01/08/26 04:07:13.076
          STEP: 2. Create one pod security-context-demo-ocp55394 with the specified security context. @ 01/08/26 04:07:13.183
          I0108 04:07:13.183100 507110 apiserver_util.go:460] apiserver fixture dir is not initialized, start to create
          I0108 04:07:13.187939 507110 apiserver_util.go:463] apiserver fixture dir is initialized: /tmp/fixture-testdata-dir2892104936/test/extended/testdata/apiserverauth
          pod/security-context-demo-ocp55394 created
          STEP: 3. Verify that the Pod's security-context-demo-ocp55394 Container is running @ 01/08/26 04:07:13.306
          I0108 04:07:23.409925 507110 pods.go:176] Pod security-context-demo-ocp55394 is ready!
          STEP: 4.1 Verify if the processes are running with the specified user ID 1000 in the pod. @ 01/08/26 04:07:23.41
          I0108 04:07:38.587390 507110 apiserver_util.go:801] Attempting to execute command on pod security-context-demo-ocp55394. Output: PID   USER     TIME  COMMAND
              1 1000      0:00 sleep 1h
              2 1000      0:00 ps, Error: <nil>
          I0108 04:07:38.587444 507110 apiserver_util.go:832] Successfully retrieved non-empty output from pod security-context-demo-ocp55394: PID   USER     TIME  COMMAND
              1 1000      0:00 sleep 1h
              2 1000      0:00 ps
          I0108 04:07:38.587500 507110 apiserver_microshift.go:506] Processes are running on pod security-context-demo-ocp55394 with user id 1000 :: PID   USER     TIME  COMMAND
              1 1000      0:00 sleep 1h
              2 1000      0:00 ps
          STEP: 4.2 Verify that user is running with specified uid=1000 gid=3000 groups=2000 @ 01/08/26 04:07:38.587
          I0108 04:07:53.775700 507110 apiserver_util.go:801] Attempting to execute command on pod security-context-demo-ocp55394. Output: uid=1000(1000) gid=3000 groups=2000,3000, Error: <nil>
          I0108 04:07:53.775738 507110 apiserver_util.go:832] Successfully retrieved non-empty output from pod security-context-demo-ocp55394: uid=1000(1000) gid=3000 groups=2000,3000
          I0108 04:07:53.775826 507110 apiserver_microshift.go:515] On pod security-context-demo-ocp55394 User running with :: uid=1000(1000) gid=3000 groups=2000,3000
          STEP: 5. Create one pod security-context-demo-2-ocp55394 with the specified security context. @ 01/08/26 04:07:53.775
          I0108 04:07:53.775904 507110 apiserver_util.go:466] apiserver fixture dir found in cache: /tmp/fixture-testdata-dir2892104936/test/extended/testdata/apiserverauth
          pod/security-context-demo-2-ocp55394 created
          STEP: 6. Verify that the Pod's security-context-demo-2-ocp55394 Container is running @ 01/08/26 04:07:53.967
          I0108 04:08:04.065851 507110 pods.go:176] Pod security-context-demo-2-ocp55394 is ready!
          STEP: 7. Verify that processes are running with the specified user ID 2000 in the pod. @ 01/08/26 04:08:04.066
          I0108 04:08:19.255042 507110 apiserver_util.go:801] Attempting to execute command on pod security-context-demo-2-ocp55394. Output: USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
          2000           1  0.0  0.0 705960   768 ?        Ssl  04:07   0:00 /hello_openshift
          2000           6  0.0  0.0   1704   768 ?        Rs   04:08   0:00 ps aux, Error: <nil>
          I0108 04:08:19.255086 507110 apiserver_util.go:832] Successfully retrieved non-empty output from pod security-context-demo-2-ocp55394: USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
          2000           1  0.0  0.0 705960   768 ?        Ssl  04:07   0:00 /hello_openshift
          2000           6  0.0  0.0   1704   768 ?        Rs   04:08   0:00 ps aux
          I0108 04:08:19.255128 507110 apiserver_microshift.go:534] Processes are running on pod security-context-demo-2-ocp55394 with user id 2000 :: USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
          2000           1  0.0  0.0 705960   768 ?        Ssl  04:07   0:00 /hello_openshift
          2000           6  0.0  0.0   1704   768 ?        Rs   04:08   0:00 ps aux
          STEP: 8. Ensure that pods in different namespaces are launched with different UIDs. @ 01/08/26 04:08:19.255
          STEP: 8.1 Create two different namespaces. @ 01/08/26 04:08:19.255
          I0108 04:08:19.291544 507110 apiserver_util.go:466] apiserver fixture dir found in cache: /tmp/fixture-testdata-dir2892104936/test/extended/testdata/apiserverauth
          STEP: 8.2 Create pods in both namespaces @ 01/08/26 04:08:19.291
          STEP: 8.3 Verify pods should have different UID's and desc in both namespaces. @ 01/08/26 04:08:19.291
          pod/pod-for-ping created
          I0108 04:08:25.585028 507110 apiserver_util.go:1035] The resource returned:
          pod-for-ping
          I0108 04:08:25.585071 507110 apiserver_util.go:1263] Namespace testpod-namespace-1 pods are: pod-for-ping
          I0108 04:08:35.699575 507110 pods.go:176] Pod pod-for-ping is ready!
          I0108 04:08:41.978615 507110 apiserver_util.go:1035] The resource returned:
          'pod-for-ping runAsUser: 1000580000 fsGroup:  seLinuxOptions: s0:c24,c14
          '
          pod/pod-for-ping created
          I0108 04:08:48.301631 507110 apiserver_util.go:1035] The resource returned:
          pod-for-ping
          I0108 04:08:48.301670 507110 apiserver_util.go:1263] Namespace testpod-namespace-2 pods are: pod-for-ping
          I0108 04:08:58.471873 507110 pods.go:176] Pod pod-for-ping is ready!
          I0108 04:09:06.403000 507110 apiserver_util.go:1035] The resource returned:
          'pod-for-ping runAsUser: 1000590000 fsGroup:  seLinuxOptions: s0:c24,c19
          '
          pod "security-context-demo-2-ocp55394" deleted from test-scc-ocp55394 namespace
          pod "security-context-demo-ocp55394" deleted from test-scc-ocp55394 namespace
          namespace "test-scc-ocp55394" deleted
          [PANICKED] in [It] - /home/ec2-user/go/pkg/mod/golang.org/toolchain@v0.0.1-go1.24.11.linux-amd64/src/runtime/panic.go:115 @ 01/08/26 04:10:47.819
          Jan  8 04:10:47.819: INFO: test dir /tmp/-OCP-microshift-apiseerver-cases-7zer0254/ is cleaned up
          STEP: Collecting events from namespace "e2e-test-default-wb9lb". @ 01/08/26 04:10:47.819
          STEP: Found 0 events. @ 01/08/26 04:10:47.83
          I0108 04:10:47.833385 507110 resource.go:151] POD  NODE  PHASE  GRACE  CONDITIONS
          I0108 04:10:47.833421 507110 resource.go:161] 
          I0108 04:10:47.837817 507110 dump.go:81] skipping dumping cluster info - cluster too large
          I0108 04:10:47.857338 507110 client.go:681] Deleted {certificates.k8s.io/v1, Resource=certificatesigningrequests  e2e-test-default-wb9lb-user}, err: <nil>
          STEP: Destroying namespace "e2e-test-default-wb9lb" for this suite. @ 01/08/26 04:10:47.857
          << Timeline
      
          [PANICKED] Test Panicked
          In [It] at: /home/ec2-user/go/pkg/mod/golang.org/toolchain@v0.0.1-go1.24.11.linux-amd64/src/runtime/panic.go:115 @ 01/08/26 04:10:47.819
      
          runtime error: index out of range [6] with length 6
      
          Full Stack Trace
            github.com/openshift/openshift-tests-private/test/extended/apiserverauth.init.func3.8()
            	/tmp/tmp.I4ekJytyWF/openshift-tests-private/test/extended/apiserverauth/apiserver_microshift.go:590 +0x1bcf
            github.com/onsi/ginkgo/v2/internal.extractBodyFunction.func3({0x0?, 0x0?})
            	/home/ec2-user/go/pkg/mod/github.com/openshift/onsi-ginkgo/v2@v2.6.1-0.20240806135314-3946b2b7b2a8/internal/node.go:472 +0x13
            github.com/onsi/ginkgo/v2/internal.(*Suite).runNode.func3()
            	/home/ec2-user/go/pkg/mod/github.com/openshift/onsi-ginkgo/v2@v2.6.1-0.20240806135314-3946b2b7b2a8/internal/suite.go:901 +0x7b
            created by github.com/onsi/ginkgo/v2/internal.(*Suite).runNode in goroutine 1
            	/home/ec2-user/go/pkg/mod/github.com/openshift/onsi-ginkgo/v2@v2.6.1-0.20240806135314-3946b2b7b2a8/internal/suite.go:888 +0xd7b
        ------------------------------
      
        Summarizing 1 Failure:
          [PANICKED!] [sig-api-machinery] API_Server on Microshift [It] Author:rgangwar-MicroShiftBoth-ConnectedOnly-Medium-55394-[Apiserver] MicroShift enable SCC admission for pods
          /home/ec2-user/go/pkg/mod/golang.org/toolchain@v0.0.1-go1.24.11.linux-amd64/src/runtime/panic.go:115
      
        Ran 1 of 1 Specs in 222.518 seconds
        FAIL! -- 0 Passed | 1 Failed | 0 Pending | 0 Skipped

      Expected results:

          test pass

      Additional info: 

           link to ginkgo log
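
Added example, not code from openshift-tests-private: the logged line `pod-for-ping runAsUser: 1000580000 fsGroup:  seLinuxOptions: s0:c24,c14` splits into only six whitespace-separated fields when `fsGroup:` has no value, which matches the panic `index out of range [6] with length 6`. The sketch below reads that line by key, so a missing SCC-assigned value becomes a failure naming the field rather than a panic; the type and function names are hypothetical, and that the test indexes a split of this line is an inference from the log.

```go
package main

import (
	"fmt"
	"strings"
)

// PodSecurity holds the values from one logged line (hypothetical type).
type PodSecurity struct {
	Name, RunAsUser, FSGroup, SELinuxLevel string
}

// parsePodSecurity reads "<pod> key: [value] key: [value] ..." by key, not by
// position, so an empty value cannot shift later fields or cause a panic.
func parsePodSecurity(line string) (PodSecurity, error) {
	fields := strings.Fields(strings.Trim(line, "'\n "))
	if len(fields) == 0 {
		return PodSecurity{}, fmt.Errorf("empty output")
	}
	ps := PodSecurity{Name: fields[0]}
	values := map[string]string{}
	for i := 1; i < len(fields); i++ {
		if !strings.HasSuffix(fields[i], ":") {
			return ps, fmt.Errorf("unexpected token %q", fields[i])
		}
		key := strings.TrimSuffix(fields[i], ":")
		values[key] = ""
		// Consume a value only if the next token is not itself a key.
		if i+1 < len(fields) && !strings.HasSuffix(fields[i+1], ":") {
			values[key] = fields[i+1]
			i++
		}
	}
	ps.RunAsUser, ps.FSGroup = values["runAsUser"], values["fsGroup"]
	ps.SELinuxLevel = values["seLinuxOptions"]
	var missing []string
	for _, k := range []string{"runAsUser", "fsGroup", "seLinuxOptions"} {
		if values[k] == "" {
			missing = append(missing, k)
		}
	}
	if len(missing) > 0 {
		return ps, fmt.Errorf("pod %s: no value for %s", ps.Name, strings.Join(missing, ", "))
	}
	return ps, nil
}

func main() {
	// Line as logged in the report (fsGroup empty).
	ps, err := parsePodSecurity("'pod-for-ping runAsUser: 1000580000 fsGroup:  seLinuxOptions: s0:c24,c14\n'")
	fmt.Printf("%+v err=%v\n", ps, err)
}
```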

          

              pacevedo@redhat.com Pablo Acevedo Montserrat
              agullon Alejandro Gullón
              John George