Knative Serving / SRVKS-953

kourier gateway failed to deploy due to runAsNonRoot=false on OCP 4.12


    • Type: Bug
    • Resolution: Done
    • Priority: Blocker
    • 1.25.0

      OCP 4.12 changes pod security, and kourier-gateway, which has runAsNonRoot=false, fails to be deployed on OCP 4.12.

      Please refer to the mail subject: "Pod Security Standards and Openshift changes on 4.11 and 4.12 that might affect your workloads(Operator, Operands)".
      Here is the actual error - https://coreos.slack.com/archives/CJYKV1YAH/p1660830195167079

      type: ReplicaFailure
      status: 'True'
      lastUpdateTime: '2022-08-19T02:42:44Z'
      lastTransitionTime: '2022-08-19T02:42:44Z'
      reason: FailedCreate
      message: >-
        pods "3scale-kourier-gateway-5cc668d4f8-gfmrh" is forbidden: violates
        PodSecurity "restricted:v1.24": runAsNonRoot != true (container
        "kourier-gateway" must not set securityContext.runAsNonRoot=false)
      

      The security policy was added by:

      https://github.com/knative-sandbox/net-kourier/issues/274
      https://github.com/knative-sandbox/net-kourier/pull/272

      We need to fix the issue or need some workaround.

              rhn-support-knakayam Kenjiro Nakayama (Inactive)
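The following is an added example, not code from this issue, net-kourier, Kubernetes or OpenShift. It models the runAsNonRoot rule of the "restricted" Pod Security profile as a pre-deploy check over a manifest, so the rejection quoted above can be caught before the ReplicaSet reports FailedCreate. The function names and the sample Deployment are constructed for illustration, and the message wording is modelled on the error in this issue.

```python
def _flag(security_context):
    """Return runAsNonRoot as True/False, or None when it is not set."""
    return (security_context or {}).get("runAsNonRoot")


def run_as_non_root_violations(pod_spec):
    """Check a PodSpec dict against the restricted runAsNonRoot rule."""
    messages = []
    pod_flag = _flag(pod_spec.get("securityContext"))
    if pod_flag is False:
        messages.append("pod must not set securityContext.runAsNonRoot=false")
    containers = []
    for key in ("initContainers", "containers", "ephemeralContainers"):
        containers.extend(pod_spec.get(key) or [])
    for c in containers:
        flag = _flag(c.get("securityContext"))
        if flag is False:
            # An explicit false is rejected even if the pod level sets true.
            messages.append(
                f'container "{c["name"]}" must not set securityContext.runAsNonRoot=false')
        elif flag is None and pod_flag is not True:
            # Unset is acceptable only when a pod-level true is inherited.
            messages.append(
                f'pod or container "{c["name"]}" must set securityContext.runAsNonRoot=true')
    return messages


def deployment(container_sc, pod_sc=None):
    """Constructed minimal Deployment holding only the fields the check reads."""
    return {"kind": "Deployment", "spec": {"template": {"spec": {
        "securityContext": pod_sc,
        "containers": [{"name": "kourier-gateway", "securityContext": container_sc}],
    }}}}


def check_deployment(manifest):
    """Run the check on the pod template of a Deployment manifest."""
    return run_as_non_root_violations(manifest["spec"]["template"]["spec"])


if __name__ == "__main__":
    for label, manifest in (("as reported", deployment({"runAsNonRoot": False})),
                            ("hardened", deployment({"runAsNonRoot": True}))):
        print(label, "->", check_deployment(manifest) or "passes")
```
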