Bug 1795395
Summary: | init container setup does not have the proper `securityContext` | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Scott Dodson <sdodson> |
Component: | kube-apiserver | Assignee: | Stefan Schimanski <sttts> |
Status: | CLOSED ERRATA | QA Contact: | Ke Wang <kewang> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 4.2.z | CC: | aarapov, aos-bugs, deads, dmoessne, jnordell, kewang, mfojtik, nagrawal, palonsor, palshure, pweil, sttts, xxia |
Target Milestone: | --- | ||
Target Release: | 4.2.z | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | 1795394 | Environment: | |
Last Closed: | 2020-06-03 09:26:03 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1795394 | ||
Bug Blocks: |
Comment 3
Ke Wang
2020-05-26 08:13:11 UTC
Verified with OCP build 4.2.0-0.nightly-2020-05-26-081314. Verification steps referring to the code changes from PR https://github.com/openshift/cluster-kube-apiserver-operator/pull/724 1. Check the apiserver pods information, $ apiserver_pod=$(oc get po -n openshift-kube-apiserver | grep kube-apiserver | awk '{print $1}' | head -1) $ oc get po $apiserver_pod -n openshift-kube-apiserver -o json | jq .spec.initContainers[0].securityContext { "privileged": true } $ oc get po $apiserver_pod -n openshift-kube-apiserver -o json | jq .spec.containers[0].securityContext { "privileged": true } The containers' securityContext were changed. 2. Check if the related error ‘failed to tryAcquireOrRenew’ can be found. $ apiserver_node=$(oc get po -o wide -n openshift-kube-apiserver | grep kube-apiserver | awk '{print $7}' | head -1) $ oc debug node/$apiserver_node After logged in the debug pod of the apiserver node , sh-4.2# chroot /host sh-4.4# grep -r 'failed to tryAcquireOrRenew' /var/log/pods/openshift-kube-apiserver_kube-apiserver-*/ No results, not found the related error ‘failed to tryAcquireOrRenew’ . It is as expected, move the bug verified. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:2307 |