OpenShift Container Platform - router won't start when allowPrivilegeEscalation is set to false
Issue
- We have created a custom SCC which is more restricted than the default restricted SCC as it has allowPrivilegeEscalation set to false. Once the SCC is in place the router pod is failing to start and reporting the below error. When setting allowPrivilegeEscalation back to true it all works again as expected.

    [NOTICE] 265/114634 (19) : haproxy version is 2.2.15-5e8f49d
    [NOTICE] 265/114634 (19) : path to executable is /usr/sbin/haproxy
    [ALERT] 265/114634 (19) : Starting frontend public: cannot bind socket [0.0.0.0:80]
    [ALERT] 265/114634 (19) : Starting frontend public_ssl: cannot bind socket [0.0.0.0:443]
    E0923 11:46:58.907432 1 haproxy.go:418] can't scrape HAProxy: dial unix /var/lib/haproxy/run/haproxy.sock: connect: connection refused
    E0923 11:47:02.963872 1 haproxy.go:418] can't scrape HAProxy: dial unix /var/lib/haproxy/run/haproxy.sock: connect: connection refused
    E0923 11:47:28.874274 1 haproxy.go:418] can't scrape HAProxy: dial unix /var/lib/haproxy/run/haproxy.sock: connect: connection refused
    E0923 11:47:32.961877 1 haproxy.go:418] can't scrape HAProxy: dial unix /var/lib/haproxy/run/haproxy.sock: connect: connection refused
    E0923 11:47:58.878652 1 haproxy.go:418] can't scrape HAProxy: dial unix /var/lib/haproxy/run/haproxy.sock: connect: connection refused
    E0923 11:48:02.971619 1 haproxy.go:418] can't scrape HAProxy: dial unix /var/lib/haproxy/run/haproxy.sock: connect: connection refused
    E0923 11:48:28.881073 1 haproxy.go:418] can't scrape HAProxy: dial unix /var/lib/haproxy/run/haproxy.sock: connect: connection refused
    I0923 11:48:28.983101 1 template.go:704] router "msg"="Shutdown requested, waiting 45s for new connections to cease"
    E0923 11:48:32.962518 1 haproxy.go:418] can't scrape HAProxy: dial unix /var/lib/haproxy/run/haproxy.sock: connect: connection refused

Environment
- Red Hat OpenShift Container Platform (RHOCP) 4