Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-8067

Test "[sig-auth][Feature:SCC][Early] should not have pod creation failures during install [Suite:openshift/conformance/parallel]" fails: Error creating: pods "csi-nodeplugin-nfsplugin-" is forbidden

    XMLWordPrintable

Details

    • +
    • Important
    • No
    • Rejected
    • False
    • Hide

      None

      Show
      None
    • Release Note Not Required

    Description

      Description of problem:

      The following test fails using Openshift on Openstack

[BeforeEach] [Top Level]
  github.com/openshift/origin/test/extended/util/framework.go:1496
[BeforeEach] [Top Level]
  github.com/openshift/origin/test/extended/util/framework.go:1496
[BeforeEach] [Top Level]
  github.com/openshift/origin/test/extended/util/test.go:61
[BeforeEach] [sig-auth][Feature:SCC][Early]
  github.com/openshift/origin/test/extended/util/client.go:153
STEP: Creating a kubernetes client
[It] should not have pod creation failures during install [Suite:openshift/conformance/parallel]
  github.com/openshift/origin/test/extended/authorization/scc.go:24
[AfterEach] [sig-auth][Feature:SCC][Early]
  github.com/openshift/origin/test/extended/util/client.go:151
[AfterEach] [sig-auth][Feature:SCC][Early]
  github.com/openshift/origin/test/extended/util/client.go:152
fail [github.com/openshift/origin/test/extended/authorization/scc.go:94]: 2 pods failed before test on SCC errors
Error creating: pods "csi-nodeplugin-nfsplugin-" is forbidden: unable to validate against any security context constraint: [provider "anyuid": Forbidden: not usable by user or serviceaccount, provider restricted-v2: .spec.securityContext.hostNetwork: Invalid value: true: Host network is not allowed to be used, spec.volumes[0]: Invalid value: "hostPath": hostPath volumes are not allowed to be used, spec.volumes[1]: Invalid value: "hostPath": hostPath volumes are not allowed to be used, spec.containers[0].securityContext.privileged: Invalid value: true: Privileged containers are not allowed, spec.containers[0].securityContext.hostNetwork: Invalid value: true: Host network is not allowed to be used, provider "restricted": Forbidden: not usable by user or serviceaccount, provider "nonroot-v2": Forbidden: not usable by user or serviceaccount, provider "nonroot": Forbidden: not usable by user or serviceaccount, provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount, provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount, provider "hostnetwork-v2": Forbidden: not usable by user or serviceaccount, provider "hostnetwork": Forbidden: not usable by user or serviceaccount, provider "hostaccess": Forbidden: not usable by user or serviceaccount, provider "privileged": Forbidden: not usable by user or serviceaccount] for DaemonSet.apps/v1/csi-nodeplugin-nfsplugin -n openshift-manila-csi-driver happened 10 times
Error creating: pods "openstack-manila-csi-nodeplugin-" is forbidden: unable to validate against any security context constraint: [provider "anyuid": Forbidden: not usable by user or serviceaccount, provider restricted-v2: .spec.securityContext.hostNetwork: Invalid value: true: Host network is not allowed to be used, spec.volumes[0]: Invalid value: "hostPath": hostPath volumes are not allowed to be used, spec.volumes[1]: Invalid value: "hostPath": hostPath volumes are not allowed to be used, spec.volumes[2]: Invalid value: "hostPath": hostPath volumes are not allowed to be used, spec.containers[0].securityContext.privileged: Invalid value: true: Privileged containers are not allowed, spec.containers[0].securityContext.hostNetwork: Invalid value: true: Host network is not allowed to be used, spec.containers[1].securityContext.privileged: Invalid value: true: Privileged containers are not allowed, spec.containers[1].securityContext.hostNetwork: Invalid value: true: Host network is not allowed to be used, provider "restricted": Forbidden: not usable by user or serviceaccount, provider "nonroot-v2": Forbidden: not usable by user or serviceaccount, provider "nonroot": Forbidden: not usable by user or serviceaccount, provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount, provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount, provider "hostnetwork-v2": Forbidden: not usable by user or serviceaccount, provider "hostnetwork": Forbidden: not usable by user or serviceaccount, provider "hostaccess": Forbidden: not usable by user or serviceaccount, provider "privileged": Forbidden: not usable by user or serviceaccount] for DaemonSet.apps/v1/openstack-manila-csi-nodeplugin -n openshift-manila-csi-driver happened 11 times
Ginkgo exit error 1: exit with code 1

      Version-Release number of selected component (if applicable):

      OCP:4.11.27 OSP:RHOS-16.2-RHEL-8-20221201.n.1

      How reproducible:

       

      Steps to Reproduce:

      1.
2.
3.

      Actual results:

       

      Expected results:

       

      Additional info:

       

      Attachments

        Issue Links

          depends on

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-944 CI failure due to pod security in manila

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed
          links to

          GitHub openshift/csi-driver-manila-operator#188: OCPBUGS-8067: Fix SCC admission failure race during initial deployment

          Web Link RHBA-2023:4614 OpenShift Container Platform 4.11.z bug fix update

          Activity

            People

              maandre@redhat.com Martin André
              itbrown@redhat.com Itshak Brown
              Itay Matza Itay Matza
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: