Bug 1930715

Summary: [sig-auth][Feature:SCC][Early] should not have pod creation failures during install
Product: OpenShift Container Platform Reporter: Antonio Ojea <aojeagar>
Component: apiserver-authAssignee: Standa Laznicka <slaznick>
Status: CLOSED DUPLICATE QA Contact: pmali
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 4.8CC: aos-bugs, mfojtik
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
[sig-auth][Feature:SCC][Early] should not have pod creation failures during install
Last Closed: 2021-03-01 08:59:30 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Antonio Ojea 2021-02-19 12:46:37 UTC 
test:
[sig-auth][Feature:SCC][Early] should not have pod creation failures during install 

is failing frequently in CI, see search results:
https://search.ci.openshift.org/?maxAge=168h&context=1&type=bug%2Bjunit&name=&maxMatches=5&maxBytes=20971520&groupBy=job&search=%5C%5Bsig-auth%5C%5D%5C%5BFeature%3ASCC%5C%5D%5C%5BEarly%5C%5D+should+not+have+pod+creation+failures+during+install

Started to fail recently, also in stable jobs like this
https://testgrid.k8s.io/redhat-openshift-ocp-release-4.8-blocking#release-openshift-ocp-installer-e2e-aws-serial-4.8


A snipper from the error in one job with only this test failing  https://prow.ci.openshift.org/view/gcs/origin-ci-test/logs/release-openshift-ocp-installer-e2e-aws-serial-4.8/1362552405136248832 

fail [github.com/openshift/origin/test/extended/authorization/scc.go:57]: 6 pods failed on SCC errors
Error creating: pods "cloud-credential-operator-858967d8c8-" is forbidden: unable to validate against any security context constraint: [provider "anyuid": Forbidden: not usable by user or serviceaccount, provider "nonroot": Forbidden: not usable by user or serviceaccount, provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount, provider "hostnetwork": Forbidden: not usable by user or serviceaccount, provider "hostaccess": Forbidden: not usable by user or serviceaccount, provider "privileged": Forbidden: not usable by user or serviceaccount] for ReplicaSet.apps/v1/cloud-credential-operator-858967d8c8 -n openshift-cloud-credential-operator happened 1 times
Error creating: pods "aws-ebs-csi-driver-controller-747747f86c-" is forbidden: unable to validate against any security context constraint: [provider "anyuid": Forbidden: not usable by user or serviceaccount, provider restricted: .spec.securityContext.hostNetwork: Invalid value: true: Host network is not allowed to be used, spec.containers[0].securityContext.hostNetwork: Invalid value: true: Host network is not allowed to be used, spec.containers[0].securityContext.containers[0].hostPort: Invalid value: 10301: Host ports are not allowed to be used, spec.containers[1].securityContext.hostNetwork: Invalid value: true: Host network is not allowed to be used, spec.containers[1].securityContext.containers[0].hostPort: Invalid value: 10301: Host ports are not allowed to be used, spec.containers[2].securityContext.hostNetwork: Invalid value: true: Host network is not allowed to be used, spec.containers[2].securityContext.containers[0].hostPort: Invalid value: 10301: Host ports are not allowed to be used, spec.containers[3].securityContext.hostNetwork: Invalid value: true: Host network is not allowed to be used, spec.containers[3].securityContext.containers[0].hostPort: Invalid value: 10301: Host ports are not allowed to be used, spec.containers[4].securityContext.hostNetwork: Invalid value: true: Host network is not allowed to be used, spec.containers[4].securityContext.containers[0].hostPort: Invalid value: 10301: Host ports are not allowed to be used, spec.containers[5].securityContext.hostNetwork: Invalid value: true: Host network is not allowed to be used, spec.containers[5].securityContext.containers[0].hostPort: Invalid value: 10301: Host ports are not allowed to be used, provider "nonroot": Forbidden: not usable by user or serviceaccount, provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount, provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount, provider "hostnetwork": Forbidden: not usable by user or serviceaccount, provider "hostaccess": Forbidden: not usable by user or serviceaccount, provider "node-exporter": Forbidden: not usable by user or serviceaccount, provider "privileged": Forbidden: not usable by user or serviceaccount] for ReplicaSet.apps/v1/aws-ebs-csi-driver-controller-747747f86c -n openshift-cluster-csi-drivers happened 3 times
Comment 1 Standa Laznicka 2021-03-01 08:59:30 UTC 

*** This bug has been marked as a duplicate of bug 1913069 ***