Uploaded image for project: 'OpenShift Service Mesh'
  1. OpenShift Service Mesh
  2. OSSM-3592

podlocality-controller errors updating SeccompProfile

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Duplicate
    • Icon: Blocker Blocker
    • None
    • OSSM 2.4.0
    • Customer Impact, Maistra
    • None
    • False
    • None
    • False
    • OCPSTRAT-416 - Gateway API using Istio for Cluster Ingress (Dev Preview)

      In testing OSSM Istio components with cluster-ingress-operator, I found this error in the log. It seems that podlocality-controller is trying to clear the SeccompProfile field.

      {"level":"error","ts":1679610741.7446668,"logger":"controller","msg":"Reconciler error","controller":"podlocality-controller","name":"test-gateway-ff6d8df86-5mvk4","namespace":"openshift-ingress","error":"Pod \"test-gateway-ff6d8df86-5mvk4\" is invalid: spec: Forbidden: pod updates may not change fields other than `spec.containers[*].image`, `spec.initContainers[*].image`, `spec.activeDeadlineSeconds`, `spec.tolerations` (only additions to existing tolerations) or `spec.terminationGracePeriodSeconds` (allow it to be set to 1 if it was previously negative)\n core.PodSpec{\n \t... // 10 identical fields\n \tAutomountServiceAccountToken: nil,\n \tNodeName: \"ci-ln-95xvtb2-72292-9jj4w-worker-c-npr7d\",\n \tSecurityContext: &core.PodSecurityContext{\n \t\t... // 12 identical fields\n \t\tFSGroupChangePolicy: nil,\n \t\tSysctls: Name: \"net.ipv4.ip_unprivileged_port_start\", Value: \"0\",\n- \t\t
      SeccompProfile: &core.SeccompProfile {Type: \"RuntimeDefault\"}
      ,\n+ \t\tSeccompProfile: nil,\n \t},
      \n \tImagePullSecrets: Name: \"default-dockercfg-4dlcm\",\n \tHostname: \"\",\n \t... // 18 identical fields\n }\n","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\t/remote-source/istio-operator/app/vendor/github.com/go-logr/zapr/zapr.go:132\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/remote-source/istio-operator/app/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:246\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/remote-source/istio-operator/app/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:218\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).worker\n\t/remote-source/istio-operator/app/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:197\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1\n\t/remote-source/istio-operator/app/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:155\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil\n\t/remote-source/istio-operator/app/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:156\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\t/remote-source/istio-operator/app/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:133\nk8s.io/apimachinery/pkg/util/wait.Until\n\t/remote-source/istio-operator/app/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:90"}

            rh-ee-yannliu Yann Liu
            cholman@redhat.com Candace Holman
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: