-
Bug
-
Resolution: Done
-
4.12.0
periodic-ci-openshift-release-master-nightly-4.12-e2e-aws-driver-toolkit is permafailing after the recent enforcement of pod security labels merged in https://github.com/openshift/cluster-kube-apiserver-operator/pull/1369.
Error message:
    #### Driver Toolkit e2e test ####
    + set_artifact_dir
    + '[' -z /logs/artifacts ']'
    + echo 'Using ARTIFACT_DIR=/logs/artifacts.'
    Using ARTIFACT_DIR=/logs/artifacts.
    + oc version -o json
    + jq --raw-output .openshiftVersion
    + oc get clusterversion/version -oyaml
    + get_dtk_image_info
    + oc debug --image-stream=openshift/driver-toolkit:latest -n openshift --quiet -- bash -c 'echo "$SOURCE_GIT_URL/commit/$SOURCE_GIT_COMMIT"'
    Error from server (Forbidden): pods "image-debug" is forbidden: violates PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "debug" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "debug" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "debug" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "debug" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
- is related to: OCPBUGS-852 oc debug requires a user to create a namespace with specific security labels (Closed)
- relates to: TRT-540 Track down lingering Pod Security issues (Closed)