We use Websphere Liberty Operator to test new release of Instant-On.
While doing regression test for InstantOn 24.0.0.10, application pods were failed to be created and the the error messages returned were unclear and did not provide enough information to identify the problem.
Error creating: pods "dt10mq-7d57cf64-" is forbidden: unable to validate against any security context constraint: [provider "anyuid": Forbidden: not usable by user or serviceaccount, provider restricted-v2: .containers[0].capabilities.add: Invalid value: "CHECKPOINT_RESTORE": capability may not be added, provider restricted-
v2: .containers[0].capabilities.add: Invalid value: "SETPCAP": capability may not be added, provider restricted-v2:
.containers[0].allowPrivilegeEscalation: Invalid value: true: Allowing privilege escalation for containers is not allowed,
provider "restricted": Forbidden: not usable by user or serviceaccount, provider "nonroot-v2": Forbidden: not usable by
user or serviceaccount, provider "nonroot": Forbidden: not usable by user or serviceaccount, provider "hostmount-
anyuid": Forbidden: not usable by user or serviceaccount, pod.metadata.annotations[container.seccomp.security.alpha.kubernetes.io/app]: Forbidden: seccomp may not be set,
provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount, provider "hostnetwork-
v2": Forbidden: not usable by user or serviceaccount, provider "hostnetwork": Forbidden: not usable by user or
serviceaccount, provider "hostaccess": Forbidden: not usable by user or serviceaccount, provider "node-exporter":
Forbidden: not usable by user or serviceaccount, provider "privileged": Forbidden: not usable by user or serviceaccount]
We use Websphere Liberty Operator to test new release of Instant-On.
While doing regression test for InstantOn 24.0.0.10, application pods were failed to be created and the the error messages returned were unclear and did not provide enough information to identify the problem.