Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pull-project-infra-prow-deploy-test failing since Sep 20th 09AM 2024 #3667

Closed
dhiller opened this issue Sep 23, 2024 · 0 comments · Fixed by #3668
Closed

pull-project-infra-prow-deploy-test failing since Sep 20th 09AM 2024 #3667

dhiller opened this issue Sep 23, 2024 · 0 comments · Fixed by #3668
Labels
kind/bug

Comments

@dhiller
Copy link
Contributor

dhiller commented Sep 23, 2024

What happened:
pull-project-infra-prow-deploy-test is failing every time since Sep 20th 09AM:
https://prow.ci.kubevirt.io/job-history/gs/kubevirt-prow/pr-logs/directory/pull-project-infra-prow-deploy-test

It fails on nginx ingress deploy, likely caused by this image update: 509209c

    "Warning: would violate PodSecurity \"restricted:latest\": hostPort (container \"controller\" uses hostPorts 443, 80), allowPrivilegeEscalation != false (container \"controller\" must set securityContext.allowPrivilegeEscalation=false), runAsNonRoot != true (pod or container \"controller\" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container \"controller\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")",
    "Warning: would violate PodSecurity \"restricted:latest\": unrestricted capabilities (container \"create\" must set securityContext.capabilities.drop=[\"ALL\"]), seccompProfile (pod or container \"create\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")",
    "Warning: would violate PodSecurity \"restricted:latest\": unrestricted capabilities (container \"patch\" must set securityContext.capabilities.drop=[\"ALL\"]), seccompProfile (pod or container \"patch\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")",
    "error: timed out waiting for the condition on pods/ingress-nginx-controller-5f95bb8496-s2mtx"

What you expected to happen:
It should not fail.

How to reproduce it (as minimally and precisely as possible):

Additional context:

FYI @brianmcarey
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

prow-deploy,presubmit: update nginx deployment to use only image tag brianmcarey/project-infra
1 participant
@dhiller