Bug 2132683 - [CNV-4.10.6] Installation is failing to rollout virt-operator deployment
Summary: [CNV-4.10.6] Installation is failing to rollout virt-operator deployment
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Container Native Virtualization (CNV)
Classification: Red Hat
Component: Virtualization
Version: 4.10.6
Hardware: Unspecified
OS: Unspecified
urgent
urgent
Target Milestone: ---
: 4.10.6
Assignee: lpivarc
QA Contact: Akriti Gupta
URL:
Whiteboard:
Depends On:
Blocks: 2132015
TreeView+ depends on / blocked
 
Reported: 2022-10-06 11:36 UTC by Lukas Bednar
Modified: 2022-10-25 14:47 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-10-25 14:47:02 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github kubevirt kubevirt pull 8573 0 None open [release-0.49] Revert "Set SeccompProfile" 2022-10-06 18:48:33 UTC
Red Hat Product Errata RHEA-2022:7179 0 None None None 2022-10-25 14:47:11 UTC

Description Lukas Bednar 2022-10-06 11:36:23 UTC 
Description of problem:

virt-operator deployment is not rolling out

virt-operator                         0/2     0            0           28m

  - lastTransitionTime: "2022-10-06T11:23:51Z"
    lastUpdateTime: "2022-10-06T11:23:51Z"
    message: 'pods "virt-operator-5bfcfcbbfd-gvnxt" is forbidden: unable to validate
      against any security context constraint: [pod.metadata.annotations.seccomp.security.alpha.kubernetes.io/pod:
      Forbidden: seccomp may not be set pod.metadata.annotations.container.seccomp.security.alpha.kubernetes.io/virt-operator:
      Forbidden: seccomp may not be set provider "anyuid": Forbidden: not usable by
      user or serviceaccount provider "nonroot": Forbidden: not usable by user or
      serviceaccount provider "noobaa": Forbidden: not usable by user or serviceaccount
      provider "noobaa-endpoint": Forbidden: not usable by user or serviceaccount
      provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount
      provider "machine-api-termination-handler": Forbidden: not usable by user or
      serviceaccount provider "hostnetwork": Forbidden: not usable by user or serviceaccount
      provider "hostaccess": Forbidden: not usable by user or serviceaccount provider
      "rook-ceph": Forbidden: not usable by user or serviceaccount provider "node-exporter":
      Forbidden: not usable by user or serviceaccount provider "rook-ceph-csi": Forbidden:
      not usable by user or serviceaccount provider "privileged": Forbidden: not usable
      by user or serviceaccount]'

Version-Release number of selected component (if applicable):

CNV-4.10.6-18


How reproducible: 100%


Steps to Reproduce:
1. Start CNV deployment
2. Observe virt-operator deployment
3.

Actual results: virt-operator failing to rollout


Expected results: Successful CNV deployment


Additional info:
Comment 1 Antonio Cardace 2022-10-07 05:51:04 UTC 
PR has merged upstream, waiting for a DS build.
Comment 2 Lukas Bednar 2022-10-07 10:15:11 UTC 
This issue is fixed in CNV v4.10.6-26
Comment 8 errata-xmlrpc 2022-10-25 14:47:02 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Virtualization 4.10.6 Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2022:7179
Note You need to log in before you can comment on or make changes to this bug.