Error creating: pods "auth-ingress-nginx-admission-create-" is forbidden: unable to validate against any security context constraint: [provider "anyuid": Forbidden: not usable by user or serviceaccount, provider restricted: .spec.securityContext.fsGroup: Invalid value: []int64{2000}: 2000 is not an allowed group, spec.containers[0].securityContext.runAsUser: Invalid value: 2000: must be in the ranges: [1000780000, 1000789999], provider "nonroot": Forbidden: not usable by user or serviceaccount, provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount, provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount, provider "hostnetwork": Forbidden: not usable by user or serviceaccount, provider "hostaccess": Forbidden: not usable by user or serviceaccount, provider "node-exporter": Forbidden: not usable by user or serviceaccount, provider "privileged": Forbidden: not usable by user or serviceaccount]
Screenshots
No response
Additional Environment Information
No response
Steps to Reproduce
Deploy CSM Authorization with helm enabling the NGINX Ingress Controller.
Describe the job related to creating ingress-nginx-controller-admission.
Expected Behavior
The NGINX Ingress Controller should be installed without errors.
atye
commented
2 years ago
Bug Description
The NGINX Ingress Controller fails to install due to Security Context Constraint issues.
https://github.com/kubernetes/ingress-nginx/pull/8420 appears to be the fix.
Logs
Error creating: pods "auth-ingress-nginx-admission-create-" is forbidden: unable to validate against any security context constraint: [provider "anyuid": Forbidden: not usable by user or serviceaccount, provider restricted: .spec.securityContext.fsGroup: Invalid value: []int64{2000}: 2000 is not an allowed group, spec.containers[0].securityContext.runAsUser: Invalid value: 2000: must be in the ranges: [1000780000, 1000789999], provider "nonroot": Forbidden: not usable by user or serviceaccount, provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount, provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount, provider "hostnetwork": Forbidden: not usable by user or serviceaccount, provider "hostaccess": Forbidden: not usable by user or serviceaccount, provider "node-exporter": Forbidden: not usable by user or serviceaccount, provider "privileged": Forbidden: not usable by user or serviceaccount]
Screenshots
No response
Additional Environment Information
No response
Steps to Reproduce
Deploy CSM Authorization with helm enabling the NGINX Ingress Controller. Describe the job related to creating
ingress-nginx-controller-admission.Expected Behavior
The NGINX Ingress Controller should be installed without errors.
CSM Driver(s)
PowerFlex, PowerMax, PowerScale
Installation Type
Helm
Container Storage Modules Enabled
Authorization v1.3.0
Container Orchestrator
OpenShift 4.10
Operating System
RHEL 7.9