Red Hat Workload Availability / RHWA-655

SBR | Missing Permissions to Create SCC when installing via Operator Hub

      When installing the Storage-based Remediation (SBR) Operator using the Operator Hub, permissions are missing to create the 'SecurityContextConstraints'.

      Cause: Attempting to install the SBR Operator using the Operator Lifecycle Manager (OLM), and applying a default SBDConfig, results in a broken state where the agent pods cannot start.
      Consequence: The operator controller logs repeated errors stating it cannot find the required 'SecurityContextConstraints'.
      Fix: Manually create the 'SecurityContextConstraints' before creating your first 'SBDConfig'.
      Result: The permissions are present to create the 'SecurityContextConstraints' so that the agent pods can start.
    • Bug Fix
    • In Progress
    • Important

      Attempting to install the SBR Operator via OLM and applying a default SBDConfig results in a broken state where Agent pods cannot start. 

      Missing Permissions to Create SCC: The operator controller logs repeated errors stating it cannot find the required SecurityContextConstraints: Failed to ensure SCC permissions... required SCC 'sbd-operator-sbd-agent-privileged' not found

      Upon inspecting the installed ClusterServiceVersion (storage-base-remediation.v0.1.0), the ClusterRole granted to the operator service account (sbd-operator-controller-manager) includes permissions to get, list, patch, and update SCCs, but is missing the create verb.

      Since the SCC is not included as a static resource in the OLM bundle, and the operator is forbidden from creating it at runtime, the installation never converges.
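The verb gap described above can be checked mechanically before an operator bundle ships. The following is an added example, not code from the SBR operator or from this issue: it matches RBAC rules against a request the way the Kubernetes RBAC authorizer does and lists the missing verbs. The rule sets are constructed from the verbs named in the description, and `NEEDED`, `FIXED_RULES` and `PINNED_RULES` are assumptions made for illustration.

```python
# Added example: match RBAC PolicyRules against a request the way the
# Kubernetes RBAC authorizer does, to find verbs a ClusterRole lacks.
SCC_GROUP = "security.openshift.io"
SCC_RESOURCE = "securitycontextconstraints"
SCC_NAME = "sbd-operator-sbd-agent-privileged"  # from the error on this page
NEEDED = ["get", "list", "create", "patch", "update"]  # assumption: create-or-update flow

# Constructed sample: the SCC verbs the page reports for the operator's ClusterRole.
REPORTED_RULES = [{"apiGroups": [SCC_GROUP], "resources": [SCC_RESOURCE],
                   "verbs": ["get", "list", "patch", "update"]}]
# Hypothetical corrected rule: the same rule with create added.
FIXED_RULES = [{"apiGroups": [SCC_GROUP], "resources": [SCC_RESOURCE],
                "verbs": ["create", "get", "list", "patch", "update"]}]
# Hypothetical variant pinned to one SCC name via resourceNames.
PINNED_RULES = [dict(FIXED_RULES[0], resourceNames=[SCC_NAME])]


def _matches(allowed, value):
    """A rule field matches on an exact entry or the '*' wildcard."""
    return "*" in allowed or value in allowed


def rule_allows(rule, verb, group, resource, name=None):
    """True if one PolicyRule grants `verb` on group/resource (optionally a named object)."""
    if not (_matches(rule.get("verbs", []), verb)
            and _matches(rule.get("apiGroups", []), group)
            and _matches(rule.get("resources", []), resource)):
        return False
    names = rule.get("resourceNames", [])
    if not names:
        return True  # rule is not restricted to specific objects
    # A rule restricted by resourceNames never authorizes create: the new
    # object's name is not known to the authorizer at request time.
    if verb == "create":
        return False
    return name in names


def missing_verbs(rules, needed=NEEDED, name=None):
    """Verbs from `needed` that no rule grants on SCCs, in `needed` order."""
    return [v for v in needed
            if not any(rule_allows(r, v, SCC_GROUP, SCC_RESOURCE, name) for r in rules)]


if __name__ == "__main__":
    for label, rules in (("reported", REPORTED_RULES), ("fixed", FIXED_RULES),
                         ("pinned", PINNED_RULES)):
        print(label, "missing:", missing_verbs(rules, name=SCC_NAME))
```

The pinned case shows why adding `create` to a rule that also lists `resourceNames` would not resolve the error: the create request is still denied.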

              mshitrit@redhat.com Michael Shitrit
              rh-ee-malter Maxim Alter