You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
% oc logs nmstate-operator-754bc98c8c-4z5jt | grep KubeAPIWarningLogger
{"level":"info","ts":"2023-06-30T06:39:11.615Z","logger":"KubeAPIWarningLogger","msg":"unknown field "roleRef.namespace""}
{"level":"info","ts":"2023-06-30T06:39:11.757Z","logger":"KubeAPIWarningLogger","msg":"would violate PodSecurity "restricted:latest": host namespaces (hostNetwork=true), privileged (container "nmstate-handler" must not set securityContext.privileged=true), allowPrivilegeEscalation != false (container "nmstate-handler" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "nmstate-handler" must set securityContext.capabilities.drop=["ALL"]), restricted volume types (volumes "dbus-socket", "nmstate-lock", "ovs-socket" use restricted volume type "hostPath"), runAsNonRoot != true (pod or container "nmstate-handler" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "nmstate-handler" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")"}
The text was updated successfully, but these errors were encountered:
What happened:
There is KubeAPIWarningLogger for PodSecurity in nmstate-operator pod
OCP Version: 4.14.0-0.nightly-2023-06-29-065352
knmstate operator version: kubernetes-nmstate-operator.4.14.0-202306280456
% oc get pod
NAME READY STATUS RESTARTS AGE
nmstate-cert-manager-6d5c5556d8-mk9cj 1/1 Running 0 40s
nmstate-console-plugin-9849db676-t62jl 1/1 Running 0 39s
nmstate-handler-cgk8m 1/1 Running 0 40s
nmstate-handler-f7mtt 1/1 Running 0 40s
nmstate-handler-gndwl 1/1 Running 0 39s
nmstate-handler-hmz9z 1/1 Running 0 39s
nmstate-handler-lzd7d 1/1 Running 0 40s
nmstate-handler-wzwfx 1/1 Running 0 39s
nmstate-operator-754bc98c8c-4z5jt 1/1 Running 0 3m32s
nmstate-webhook-88896bdbf-ptj4v 1/1 Running 0 40s
nmstate-webhook-88896bdbf-t9ksh 1/1 Running 0 40s
% oc logs nmstate-operator-754bc98c8c-4z5jt | grep KubeAPIWarningLogger
{"level":"info","ts":"2023-06-30T06:39:11.615Z","logger":"KubeAPIWarningLogger","msg":"unknown field "roleRef.namespace""}
{"level":"info","ts":"2023-06-30T06:39:11.757Z","logger":"KubeAPIWarningLogger","msg":"would violate PodSecurity "restricted:latest": host namespaces (hostNetwork=true), privileged (container "nmstate-handler" must not set securityContext.privileged=true), allowPrivilegeEscalation != false (container "nmstate-handler" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "nmstate-handler" must set securityContext.capabilities.drop=["ALL"]), restricted volume types (volumes "dbus-socket", "nmstate-lock", "ovs-socket" use restricted volume type "hostPath"), runAsNonRoot != true (pod or container "nmstate-handler" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "nmstate-handler" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")"}
The text was updated successfully, but these errors were encountered: