- Bug
- Resolution: Done
- Blocker
- openshift-4.12
- OSDK Sprint 225, OSDK Sprint 226
- Critical
- Customer Facing
Description of problem:
- 'run bundle' failed because of the request of PodSecurity
Version-Release number of selected component (if applicable):
- operator-sdk version: "v1.22.1", commit: "46ab175459a775d2fb9f0454d0b4a8850dd745ed", kubernetes version: "v1.24.1", go version: "go1.18.3", GOOS: "darwin", GOARCH: "arm64"
- Client Version: 4.11.0-0.nightly-2022-07-28-162203
- Kustomize Version: v4.5.4
- Server Version: 4.12.0-0.nightly-2022-08-30-142847
- Kubernetes Version: v1.24.0+a097e26
How reproducible:
- Always
Steps to Reproduce:
jitli@RedHat:~/work/src/github/openshift-tests-private$ oc new-project jitli
jitli@RedHat:~/work/src/test/operator/memcached-operator-31219$ operator-sdk run bundle quay.io/olmqe/upgradeindex-bundle:v0.1 --index-image quay.io/olmqe/largefbcindexwithupgradefbc:v4.11 --timeout 5m -n jitli
INFO[0021] Creating a File-Based Catalog of the bundle "quay.io/olmqe/upgradeindex-bundle:v0.1"
INFO[0027] Rendering a File-Based Catalog of the Index Image "quay.io/olmqe/largefbcindexwithupgradefbc:v4.11" to verify if bundle "upgradeindex.v0.0.1" is present
INFO[0048] Generated the extra FBC for the bundle image "upgradeindex.v0.0.1"
INFO[0048] Generated a valid File-Based Catalog
FATA[0051] Failed to run bundle: create catalog: error creating registry pod: error creating pod: pods "quay-io-olmqe-upgradeindex-bundle-v0-1" is forbidden: violates PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "registry-grpc" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "registry-grpc" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "registry-grpc" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "registry-grpc" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
But with the default namespace:
jitli@RedHat:~/work/src/test/operator/memcached-operator-31219$ operator-sdk run bundle quay.io/olmqe/upgradeindex-bundle:v0.1 --index-image quay.io/olmqe/largefbcindexwithupgradefbc:v4.11 --timeout 5m
INFO[0039] Creating a File-Based Catalog of the bundle "quay.io/olmqe/upgradeindex-bundle:v0.1"
INFO[0045] Rendering a File-Based Catalog of the Index Image "quay.io/olmqe/largefbcindexwithupgradefbc:v4.11" to verify if bundle "upgradeindex.v0.0.1" is present
INFO[0065] Generated the extra FBC for the bundle image "upgradeindex.v0.0.1"
INFO[0065] Generated a valid File-Based Catalog
INFO[0072] Created registry pod: quay-io-olmqe-upgradeindex-bundle-v0-1
INFO[0073] Created CatalogSource: upgradeindex-catalog
INFO[0074] Created Subscription: upgradeindex-v0-0-1-sub
INFO[0077] Approved InstallPlan install-vk96f for the Subscription: upgradeindex-v0-0-1-sub
INFO[0077] Waiting for ClusterServiceVersion "default/upgradeindex.v0.0.1" to reach 'Succeeded' phase
INFO[0078] Waiting for ClusterServiceVersion "default/upgradeindex.v0.0.1" to appear
INFO[0090] Found ClusterServiceVersion "default/upgradeindex.v0.0.1" phase: Pending
INFO[0094] Found ClusterServiceVersion "default/upgradeindex.v0.0.1" phase: Installing
INFO[0103] Found ClusterServiceVersion "default/upgradeindex.v0.0.1" phase: Succeeded
INFO[0105] OLM has successfully installed "upgradeindex.v0.0.1"
Upstream 1.23 also reproduces it on OSP4.12.
- is cloned by: OCPBUGS-1666 'run bundle' failed because of the request of PodSecurity (Closed)
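The four violations quoted in the FATA line, modelled as an added example (not operator-sdk or Kubernetes code) that reports which of them a container's settings would trigger. The `SecurityContext` type and `Violations` function are hypothetical names; the model covers only the four checks named in the message and assumes a container-level value takes precedence over a pod-level one for the two "pod or container" settings.

```go
package main

import "fmt"

// SecurityContext: simplified, hypothetical stand-in for the fields named in the error.
type SecurityContext struct {
	AllowPrivilegeEscalation *bool
	CapabilitiesDrop         []string
	RunAsNonRoot             *bool
	SeccompProfileType       string
}

// Violations lists which of the four checks a container fails. Assumption: for
// runAsNonRoot and seccompProfile a container value overrides the pod value.
func Violations(pod, c SecurityContext) []string {
	var v []string
	if c.AllowPrivilegeEscalation == nil || *c.AllowPrivilegeEscalation {
		v = append(v, "allowPrivilegeEscalation != false")
	}
	dropsAll := false
	for _, d := range c.CapabilitiesDrop {
		dropsAll = dropsAll || d == "ALL"
	}
	if !dropsAll {
		v = append(v, "unrestricted capabilities")
	}
	nonRoot := c.RunAsNonRoot
	if nonRoot == nil {
		nonRoot = pod.RunAsNonRoot
	}
	if nonRoot == nil || !*nonRoot {
		v = append(v, "runAsNonRoot != true")
	}
	seccomp := c.SeccompProfileType
	if seccomp == "" {
		seccomp = pod.SeccompProfileType
	}
	if seccomp != "RuntimeDefault" && seccomp != "Localhost" {
		v = append(v, "seccompProfile")
	}
	return v
}

func main() {
	yes, no := true, false // constructed inputs follow
	pod := SecurityContext{RunAsNonRoot: &yes, SeccompProfileType: "RuntimeDefault"}
	c := SecurityContext{AllowPrivilegeEscalation: &no, CapabilitiesDrop: []string{"ALL"}}
	fmt.Println(Violations(SecurityContext{}, SecurityContext{}), Violations(pod, c))
}
```

A container with no securityContext at all, as in the failing run, fails all four checks; splitting the settings between pod level and container level passes.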