Bug 1933666

Summary: Getting Forbidden for image in a container template when creating a sample app
Product: OpenShift Container Platform Reporter: Christoph Jerolimov <cjerolim>
Component: Dev ConsoleAssignee: Christoph Jerolimov <cjerolim>
Status: CLOSED ERRATA QA Contact: Gajanan More <gamore>
Severity: high Docs Contact: Harsh Mishra <hmishra>
Priority: high    
Version: 4.6.zCC: aos-bugs, mjobanek, nmukherj
Target Milestone: ---   
Target Release: 4.6.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
While creating a sample application, the *Developer* perspective creates multiple resources that depend on each other and must be completed in a specific order. Previously, the admission plug-in sometimes could not check one of these resources, preventing the *Developer* perspective from generating the sample application. This issue has been fixed. The code creates the resources in the required order, so creating a sample application is more stable.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2021-05-12 12:18:10 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1933665    
Bug Blocks:    

Description Christoph Jerolimov 2021-03-01 11:19:39 UTC 
Description of problem:
When creating a new Node.js app (I hit the same problem also with the Go app) in the Dev Sandbox, I sometimes get an error:

Error "Forbidden: this image is prohibited by policy: this image is prohibited by policy (changed after admission)" for field "spec.template.spec.containers[0].image".

Version-Release number of selected component (if applicable):
4.6-4.8

How reproducible:
Intermittent

Steps to Reproduce:
1. Go to Add -> Samples
2. Choose either Go or Node.js app
3. Click on create

Actual results:
Error message above was shown sometimes when creating a sample app.

Expected results:
Apps get created without showing any error.

Additional info:
This is a copy of Jira issue https://issues.redhat.com/browse/ODC-5468
Comment 1 Christoph Jerolimov 2021-04-06 22:14:55 UTC 
*** Bug 1921717 has been marked as a duplicate of this bug. ***
Comment 2 Christoph Jerolimov 2021-04-30 06:11:08 UTC 
Increase severity as this fixes also the high prio, high severity issue https://bugzilla.redhat.com/show_bug.cgi?id=1921717
Comment 5 Gajanan More 2021-05-04 05:49:08 UTC 
I verified the bugzilla on:
Build: 4.6.0-0.nightly-2021-05-03-000315
Browser: Google Chrome Version 89
Marking this as verified
Comment 7 errata-xmlrpc 2021-05-12 12:18:10 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6.28 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:1487