Uploaded image for project: 'Couchbase Kubernetes'
  1. Couchbase Kubernetes
  2. K8S-2199

CreateContainerConfigError: Admission Controller can not be installed on OCP

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Major
    • 2.2.0
    • 2.2.0
    • operator
    • None
    • 1

    Description

      OCP : 4.4 

      Job: http://qa.sc.couchbase.com/view/Cloud/job/k8s-cbop-oc-pipeline/100/

      Server: registry.connect.redhat.com/couchbase/server:6.6.2-1

      DAC: registry.gitlab.com/cb-rhcc/admission-controller:latest (build 224)

      Error:

      10:52:31 time="2021-05-19T10:52:31-07:00" level=info msg="Creating admission controller"
      		 
      10:57:38 time="2021-05-19T10:57:32-07:00" level=error msg="timeout: condition status mismatch, expected True, got False"

      DAC pod Status:

      Prateeks-MacBook-Pro:openshift-install-mac-4.4.33 prateekkumar$ oc get pods
      		 
      NAME                                            READY   STATUS                       RESTARTS   AGE
      		 
      couchbase-operator-admission-57d879599f-r2fh6   0/1     CreateContainerConfigError   0          6m9s

      Events:

       Events:
      		 
        Type     Reason     Age                   From                                                Message
      		 
        ----     ------     ----                  ----                                                -------
      		 
        Normal   Scheduled  <unknown>             default-scheduler                                   Successfully assigned default/couchbase-operator-admission-57d879599f-r2fh6 to ip-10-0-163-91.us-west-2.compute.internal
      		 
        Normal   Pulled     5m1s (x8 over 6m18s)  kubelet, ip-10-0-163-91.us-west-2.compute.internal  Successfully pulled image "registry.gitlab.com/cb-rhcc/admission-controller:latest"
      		 
        Warning  Failed     5m1s (x8 over 6m18s)  kubelet, ip-10-0-163-91.us-west-2.compute.internal  Error: container has runAsNonRoot and image will run as root
      		 
        Normal   Pulling    68s (x24 over 6m19s)  kubelet, ip-10-0-163-91.us-west-2.compute.internal  Pulling image "registry.gitlab.com/cb-rhcc/admission-controller:latest"

      Simon Murray had corrected the DAC to run as non-root going forward in our releases.

      Do we need any additional change here ?

      (No logs since Operator was not set up.)

      Attachments

        For Gerrit Dashboard: K8S-2199
        # Subject Branch Project Status CR V
        154034,2 K8S-2199: Set Non-Root Account on RHCC master couchbase-operator Status: MERGED +2 +1
        154057,3 K8S-2199: Fix RHEL Builds master couchbase-operator Status: MERGED +2 +1
        154116,2 K8S-2199: Fix RHEL Builds Again master couchbase-operator Status: MERGED +2 +1
        154119,4 K8S-2199: Require numeric USER main couchbase-fluent-bit Status: MERGED +2 +1

        Activity

          People

            simon.murray Simon Murray
            prateek.kumar Prateek Kumar (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes

                PagerDuty