Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Major
Fix Version/s: None
Affects Version/s: 4.11
Component/s: Storage / OpenStack CSI Drivers
Labels:
- QA-Triaged
- Triaged

Test Coverage:

+
Severity:
Important
Regression:
No
Release Blocker:
Rejected
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Release Note Type:
Release Note Not Required
Target Version:

4.11.z

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Description of problem:

The following test fails using Openshift on Openstack

[BeforeEach] [Top Level]
  github.com/openshift/origin/test/extended/util/framework.go:1496
[BeforeEach] [Top Level]
  github.com/openshift/origin/test/extended/util/framework.go:1496
[BeforeEach] [Top Level]
  github.com/openshift/origin/test/extended/util/test.go:61
[BeforeEach] [sig-auth][Feature:SCC][Early]
  github.com/openshift/origin/test/extended/util/client.go:153
STEP: Creating a kubernetes client
[It] should not have pod creation failures during install [Suite:openshift/conformance/parallel]
  github.com/openshift/origin/test/extended/authorization/scc.go:24
[AfterEach] [sig-auth][Feature:SCC][Early]
  github.com/openshift/origin/test/extended/util/client.go:151
[AfterEach] [sig-auth][Feature:SCC][Early]
  github.com/openshift/origin/test/extended/util/client.go:152
fail [github.com/openshift/origin/test/extended/authorization/scc.go:94]: 2 pods failed before test on SCC errors
Error creating: pods "csi-nodeplugin-nfsplugin-" is forbidden: unable to validate against any security context constraint: [provider "anyuid": Forbidden: not usable by user or serviceaccount, provider restricted-v2: .spec.securityContext.hostNetwork: Invalid value: true: Host network is not allowed to be used, spec.volumes[0]: Invalid value: "hostPath": hostPath volumes are not allowed to be used, spec.volumes[1]: Invalid value: "hostPath": hostPath volumes are not allowed to be used, spec.containers[0].securityContext.privileged: Invalid value: true: Privileged containers are not allowed, spec.containers[0].securityContext.hostNetwork: Invalid value: true: Host network is not allowed to be used, provider "restricted": Forbidden: not usable by user or serviceaccount, provider "nonroot-v2": Forbidden: not usable by user or serviceaccount, provider "nonroot": Forbidden: not usable by user or serviceaccount, provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount, provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount, provider "hostnetwork-v2": Forbidden: not usable by user or serviceaccount, provider "hostnetwork": Forbidden: not usable by user or serviceaccount, provider "hostaccess": Forbidden: not usable by user or serviceaccount, provider "privileged": Forbidden: not usable by user or serviceaccount] for DaemonSet.apps/v1/csi-nodeplugin-nfsplugin -n openshift-manila-csi-driver happened 10 times
Error creating: pods "openstack-manila-csi-nodeplugin-" is forbidden: unable to validate against any security context constraint: [provider "anyuid": Forbidden: not usable by user or serviceaccount, provider restricted-v2: .spec.securityContext.hostNetwork: Invalid value: true: Host network is not allowed to be used, spec.volumes[0]: Invalid value: "hostPath": hostPath volumes are not allowed to be used, spec.volumes[1]: Invalid value: "hostPath": hostPath volumes are not allowed to be used, spec.volumes[2]: Invalid value: "hostPath": hostPath volumes are not allowed to be used, spec.containers[0].securityContext.privileged: Invalid value: true: Privileged containers are not allowed, spec.containers[0].securityContext.hostNetwork: Invalid value: true: Host network is not allowed to be used, spec.containers[1].securityContext.privileged: Invalid value: true: Privileged containers are not allowed, spec.containers[1].securityContext.hostNetwork: Invalid value: true: Host network is not allowed to be used, provider "restricted": Forbidden: not usable by user or serviceaccount, provider "nonroot-v2": Forbidden: not usable by user or serviceaccount, provider "nonroot": Forbidden: not usable by user or serviceaccount, provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount, provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount, provider "hostnetwork-v2": Forbidden: not usable by user or serviceaccount, provider "hostnetwork": Forbidden: not usable by user or serviceaccount, provider "hostaccess": Forbidden: not usable by user or serviceaccount, provider "privileged": Forbidden: not usable by user or serviceaccount] for DaemonSet.apps/v1/openstack-manila-csi-nodeplugin -n openshift-manila-csi-driver happened 11 times
Ginkgo exit error 1: exit with code 1

Version-Release number of selected component (if applicable):

OCP:4.11.27 OSP:RHOS-16.2-RHEL-8-20221201.n.1

How reproducible:

Steps to Reproduce:

1.
2.
3.

Actual results:

Expected results:

Additional info:

depends on

OCPBUGS-944 CI failure due to pod security in manila

Closed

links to

openshift/csi-driver-manila-operator#188: OCPBUGS-8067: Fix SCC admission failure race during initial deployment

RHBA-2023:4614 OpenShift Container Platform 4.11.z bug fix update

Assignee:: Martin André

Reporter:: Itshak Brown

QA Contact:: Itay Matza

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Created:: 2023/03/01 9:52 AM

Updated:: 2023/08/16 1:23 AM

Resolved:: 2023/08/16 1:23 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates