The package-server-manager pod is failing with securityContext errors while upgrading OpenShift 4
Issue
-
OpenShift upgrade is stuck as the
package-server-manager
pod is not up with any of the following errors:deployment openshift-operator-lifecycle-manager/package-server-manager has a replica failure FailedCreate: pods "package-server-manager-12a3b4cd5e-1x2y3" is forbidden: violates PodSecurity "restricted:v1.24": seLinuxOptions (pod set forbidden securityContext.seLinuxOptions: type "spc_t"; user may not be set; role may not be set)
deployment openshift-operator-lifecycle-manager/package-server-manager has a replica failure FailedCreate: pods "package-server-manager-12a3b4cd5e-1x2y3" is forbidden: violates PodSecurity "restricted:v1.24": unrestricted capabilities (container "package-server-manager" must not include "CHOWN", "DAC_OVERRIDE", "FOWNER" in securityContext.capabilities.add
Environment
- Red Hat OpenShift Container Platform (RHOCP)
- 4.11
- 4.12
- Custom
SCC
- Datadog
- Kasten/K10
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.