Bug 2132683

Summary: [CNV-4.10.6] Installation is failing to rollout virt-operator deployment
Product: Container Native Virtualization (CNV) Reporter: Lukas Bednar <lbednar>
Component: VirtualizationAssignee: lpivarc
Status: CLOSED ERRATA QA Contact: Akriti Gupta <akrgupta>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 4.10.6CC: acardace, cnv-qe-bugs, sgott, stirabos
Target Milestone: ---Keywords: AutomationBlocker, TestBlocker
Target Release: 4.10.6   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-10-25 14:47:02 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2132015    

Description Lukas Bednar 2022-10-06 11:36:23 UTC 
Description of problem:

virt-operator deployment is not rolling out

virt-operator                         0/2     0            0           28m

  - lastTransitionTime: "2022-10-06T11:23:51Z"
    lastUpdateTime: "2022-10-06T11:23:51Z"
    message: 'pods "virt-operator-5bfcfcbbfd-gvnxt" is forbidden: unable to validate
      against any security context constraint: [pod.metadata.annotations.seccomp.security.alpha.kubernetes.io/pod:
      Forbidden: seccomp may not be set pod.metadata.annotations.container.seccomp.security.alpha.kubernetes.io/virt-operator:
      Forbidden: seccomp may not be set provider "anyuid": Forbidden: not usable by
      user or serviceaccount provider "nonroot": Forbidden: not usable by user or
      serviceaccount provider "noobaa": Forbidden: not usable by user or serviceaccount
      provider "noobaa-endpoint": Forbidden: not usable by user or serviceaccount
      provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount
      provider "machine-api-termination-handler": Forbidden: not usable by user or
      serviceaccount provider "hostnetwork": Forbidden: not usable by user or serviceaccount
      provider "hostaccess": Forbidden: not usable by user or serviceaccount provider
      "rook-ceph": Forbidden: not usable by user or serviceaccount provider "node-exporter":
      Forbidden: not usable by user or serviceaccount provider "rook-ceph-csi": Forbidden:
      not usable by user or serviceaccount provider "privileged": Forbidden: not usable
      by user or serviceaccount]'

Version-Release number of selected component (if applicable):

CNV-4.10.6-18


How reproducible: 100%


Steps to Reproduce:
1. Start CNV deployment
2. Observe virt-operator deployment
3.

Actual results: virt-operator failing to rollout


Expected results: Successful CNV deployment


Additional info:
Comment 1 Antonio Cardace 2022-10-07 05:51:04 UTC 
PR has merged upstream, waiting for a DS build.
Comment 2 Lukas Bednar 2022-10-07 10:15:11 UTC 
This issue is fixed in CNV v4.10.6-26
Comment 8 errata-xmlrpc 2022-10-25 14:47:02 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Virtualization 4.10.6 Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2022:7179