Bug 1752905 - Kuryr unable to annotate pods in namespaces without `openshift.io/run-level` annotation
Summary: Kuryr unable to annotate pods in namespaces without `openshift.io/run-level` ...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.2.0
Hardware: All
OS: All
urgent
urgent
Target Milestone: ---
: 4.2.0
Assignee: Michał Dulko
QA Contact: GenadiC
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-09-17 14:27 UTC by Michał Dulko
Modified: 2019-10-16 06:41 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-10-16 06:41:28 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift cluster-network-operator pull 316 0 None None None 2019-09-17 14:31:58 UTC
Red Hat Product Errata RHBA-2019:2922 0 None None None 2019-10-16 06:41:41 UTC

Description Michał Dulko 2019-09-17 14:27:42 UTC 
Description of problem:
Kuryr is missing permissions to use SCC's, making it unable to annotate pods running under normal admission control (i.e. in namespaces without `openshift.io/run-level` annotation). Annotating pods is essential for Kuryr to work.

Version-Release number of selected component (if applicable):
4.2

How reproducible:
Always

Steps to Reproduce:
1. Install OCP 4.2 on OpenStack with Kuryr
2. Create a regular namespace
3. Create pod in that namespace

Actual results:
Pod hangs in ContainerCreating state

Expected results:
Pod gets into Running state.

Additional info:
Comment 2 Itzik Brown 2019-10-06 08:33:00 UTC 
4.2.0-0.nightly-2019-10-02-122541
Comment 3 errata-xmlrpc 2019-10-16 06:41:28 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:2922
Note You need to log in before you can comment on or make changes to this bug.