Some manifests from cert-manager fail to be appplied:


Oct 07 01:56:10 i-0e2d797ce645f9da0.ec2.internal microshift[1904]: ??? I1007 01:56:10.867254    1904 kustomize.go:193] Kustomization ("/usr/lib/microshift/manifests.d/060-microshift-cert-manager"): deployment.apps/cert-manager-operator-controller-manager serverside-applied
Oct 07 01:56:10 i-0e2d797ce645f9da0.ec2.internal microshift[1904]: ??? I1007 01:56:10.871837    1904 kustomize.go:80] Applying kustomization failed: pods "cert-manager-operator-cert-manager-images" is forbidden: violates PodSecurity "restricted:latest": allowPrivilegeEscalation != false (containers "cert-manager-webhook", "cert-manager-ca-injector", "cert-manager-controller", "cert-manager-acmesolver", "cert-manager-istiocsr" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (containers "cert-manager-webhook", "cert-manager-ca-injector", "cert-manager-controller", "cert-manager-acmesolver", "cert-manager-istiocsr" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or containers "cert-manager-webhook", "cert-manager-ca-injector", "cert-manager-controller", "cert-manager-acmesolver", "cert-manager-istiocsr" must set securityContext.runAsNonRoot=true), seccompProfile (pod or containers "cert-manager-webhook", "cert-manager-ca-injector", "cert-manager-controller", "cert-manager-acmesolver", "cert-manager-istiocsr" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost"). Retrying in 10s.

1.
2.
3.

https://prow.ci.openshift.org/view/gs/test-platform-results/logs/periodic-ci-openshift-microshift-release-4.20-periodics-e2e-aws-ai-model-serving-nightly/1975365583922794496