Description of problem: Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Verified on 4.9.0-0.ci-2021-09-06-064221. Verification steps: 1. cat psp.yaml apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: annotations: apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default' apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default' seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' name: next-psp-name spec: # default set of capabilities are implicitly allowed allowedCapabilities: [] allowPrivilegeEscalation: false fsGroup: rule: 'MustRunAs' ranges: # Forbid adding the root group. - min: 1 max: 65535 hostIPC: false hostNetwork: false hostPID: false privileged: false readOnlyRootFilesystem: false runAsUser: rule: 'MustRunAsNonRoot' seLinux: rule: 'RunAsAny' supplementalGroups: rule: 'MustRunAs' ranges: # Forbid adding the root group. - min: 1 max: 65535 volumes: - 'configMap' - 'downwardAPI' - 'emptyDir' - 'persistentVolumeClaim' - 'projected' - 'secret' hostPorts: - min: 0 max: 0 2. oc apply -f psp.yaml 3. oc delete pod insights-operator-<some name> 4. download the archive oc rsync insights-operator-<some name>:/var/lib/insights-operator/insights-<date>.tar.gz /tmp 5. check if config/psp_names.json exists and has the right content
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.9.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:3759