Cluster Observability Operator / COO-123

Korrel8r does not deploy on OpenShift 4.15 due to security profile restrictions


    • Bug
    • Resolution: Done
    • Normal
    • korrel8r

      On OpenShift 4.15 (works on 4.14), installing the korrel8r operator via operator-sdk -n korrel8r run bundle quay.io/korrel8r/operator-bundle:v0.0.7, I get the error:
      FATA[0077] Failed to run bundle: create catalog: error creating registry pod: error creating pod: pods "quay-io-korrel8r-operator-bundle-v0-0-7" is forbidden: violates PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (containers "registry-grpc-init", "registry-grpc" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (containers "registry-grpc-init", "registry-grpc" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or containers "registry-grpc-init", "registry-grpc" must set securityContext.runAsNonRoot=true), seccompProfile (pod or containers "registry-grpc-init", "registry-grpc" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
      After adding the labels below to ns/korrel8r, the installation works:
      oc label ns/korrel8r pod-security.kubernetes.io/enforce=privileged --overwrite
      oc label ns/korrel8r pod-security.kubernetes.io/warn=privileged --overwrite
       
       
      The operator should apply these labels automatically.

            rhn-engineering-aconway Alan Conway
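
The four conditions named in the admission error above, written as a check over a pod spec. This is an added example and is not part of the original issue or the korrel8r code. It covers only the fields the error lists, not the full "restricted" profile, and the sample pod is constructed: only the container names come from the error, and the images are placeholders.

```python
import copy

ALLOWED_SECCOMP = ("RuntimeDefault", "Localhost")

def restricted_violations(pod):
    """List (container, field) pairs failing the four checks in the error."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    failures = []
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        sc = c.get("securityContext") or {}
        # Container-only fields: there is no pod-level fallback.
        if sc.get("allowPrivilegeEscalation") is not False:
            failures.append((c["name"], "allowPrivilegeEscalation"))
        if "ALL" not in ((sc.get("capabilities") or {}).get("drop") or []):
            failures.append((c["name"], "capabilities.drop"))
        # "pod or containers" fields: a container value overrides the pod's.
        non_root = sc.get("runAsNonRoot")
        if non_root is None:
            non_root = pod_sc.get("runAsNonRoot")
        if non_root is not True:
            failures.append((c["name"], "runAsNonRoot"))
        seccomp = sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}
        if seccomp.get("type") not in ALLOWED_SECCOMP:
            failures.append((c["name"], "seccompProfile"))
    return failures

def harden(pod):
    """Return a copy carrying the settings the admission error asks for."""
    out = copy.deepcopy(pod)
    spec = out["spec"]
    spec["securityContext"] = dict(spec.get("securityContext") or {})
    spec["securityContext"]["runAsNonRoot"] = True
    spec["securityContext"]["seccompProfile"] = {"type": "RuntimeDefault"}
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        sc = dict(c.get("securityContext") or {})
        sc["allowPrivilegeEscalation"] = False
        sc["capabilities"] = {**(sc.get("capabilities") or {}), "drop": ["ALL"]}
        sc.pop("runAsNonRoot", None)       # inherit the pod-level values
        sc.pop("seccompProfile", None)
        c["securityContext"] = sc
    return out

# Constructed sample: container names from the error, images are placeholders.
SAMPLE = {"spec": {
    "initContainers": [{"name": "registry-grpc-init", "image": "example/init"}],
    "containers": [{"name": "registry-grpc", "image": "example/registry"}],
}}

if __name__ == "__main__":
    for name, field in restricted_violations(SAMPLE):
        print(f"{name}: {field}")
    print("after harden:", restricted_violations(harden(SAMPLE)))
```

With runAsNonRoot set to true, the kubelet refuses to start a container whose image runs as UID 0, so the image itself must define a non-root user for the hardened spec to run.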