Created attachment 1907330 [details] Complete logs of the test run Description of problem: HttpNodePortTest#nodePortTest and HttpsNodePortTest#nodePortTest (https://gitlab.hosts.mwqe.eng.bos.redhat.com/jbossqe-eap/openshift-eap-tests/-/blob/7.4.x/test-eap/src/test/java/com/redhat/xpaas/eap/nodeport/HttpNodePortTest.java) are tests in the OpenShift test suite testing building and deploying simple application using S2I. On OCP 4.12 this test started to fail with the error message Invoking command: curl -k http://192.169.3.127:32736 on node sdntmvxd-nfnkk-worker-0-qtndd failed. Error output is: error: PodSecurity violation error: Ensure the target namespace has the appropriate security level set or consider creating a dedicated privileged namespace using: "oc create ns <namespace> -o yaml | oc label -f - pod-security.kubernetes.io/enforce=privileged pod-security.kubernetes.io/audit=privileged pod-security.kubernetes.io/warn=privileged". Original error: pods "sdntmvxd-nfnkk-worker-0-qtndd-debug" is forbidden: violates PodSecurity "restricted:v1.24": host namespaces (hostNetwork=true, hostPID=true, hostIPC=true), privileged (container "container-00" must not set securityContext.privileged=true), allowPrivilegeEscalation != false (container "container-00" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "container-00" must set securityContext.capabilities.drop=["ALL"]), restricted volume types (volume "host" uses restricted volume type "hostPath"), runAsNonRoot != true (pod or container "container-00" must set securityContext.runAsNonRoot=true), runAsUser=0 (container "container-00" must not set runAsUser=0), seccompProfile (pod or container "container-00" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost") Complete tes logs and pod logs are attached. Steps to Reproduce: 1. git clone git.mwqe.eng.bos.redhat.com:jbossqe-eap/openshift-eap-tests.git 2. cd openshift-eap-tests 3. mvn clean test -P74-openjdk11,eap-pit-xp3 -Dtest=HttpNodePortTest#nodePortTest Additional info: Issue occured on the OCP PIT test environment: https://main-jenkins-csb-interopqe.apps.ocp-c1.prod.psi.redhat.com/job/OpenShiftIntegratedProducts/job/jbosseap-7.4-openshift-4/65/ According to the error message pod security changes on OCP might be possible cause of this issue: https://connect.redhat.com/blog/important-openshift-changes-pod-security-standards
Hello, is there any progress with this? Thanks.
@dcihak Can you please share the buildConfig? It would help us to understand the problem better. Thanks.
Created attachment 1909603 [details] BuildConfig for HttpNodePortTest#nodePortTest Hello, attached BuildConfig used when running HttpNodePortTest#nodePortTest on OCP 4.12 (https://api.cpqe412-5-nyej.eapqe.psi.redhat.com:6443).
@diagrawa Required buildConfig was attached, if you need anything else from us, don't hesitate to ask.
Hi, seems like I don't have access to view the attachment. Can you please check again?
Created attachment 1909804 [details] BuildConfig
@Divyanshu Agrawal Sorry, I made the file private accidentally, it should work now.
@diagrawa Hello, is there any progress with this issue? If you need any cooperation from us please don't hesitate to ask. Thanks.
Hi, we started looking into the issue. Will post an update as soon as possible. Thanks!
@diagrawa Hello, do you have any update for this issue? Thanks.
@cdaley ok, thanks for the explanation.