Skip to content

TektonConfig from 0.80.0 fails to create pods on MicroShift due to SCC errors #3484

Description

@kastl-ars

Expected Behavior

There should be no errors and all pods should come up properly.

Actual Behavior

Events:
  Type     Reason        Age                  From                   Message
  ----     ------        ----                 ----                   -------
  Warning  FailedCreate  5m1s (x18 over 15m)  replicaset-controller  Error creating: pods "tekton-pipelines-controller-6dccf778c7-" is forbidden: unable to validate against any security context constraint: [provider "anyuid": Forbidden: not usable by user or serviceaccount, provider restricted-v2: .containers[0].runAsUser: Invalid value: 65532: must be in the ranges: [1000220000, 1000229999], provider restricted-v3: .spec.securityContext.hostUsers: Invalid value: null: Host Users must be set to false, provider "restricted": Forbidden: not usable by user or serviceaccount, provider "nonroot-v2": Forbidden: not usable by user or serviceaccount, provider "nonroot": Forbidden: not usable by user or serviceaccount, provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount, provider "hostnetwork-v2": Forbidden: not usable by user or serviceaccount, provider "hostnetwork": Forbidden: not usable by user or serviceaccount, provider "hostaccess": Forbidden: not usable by user or serviceaccount, provider "privileged": Forbidden: not usable by user or serviceaccount]

The TektonConfig resource is looking like this:

$ k get tektonconfig config
NAME     VERSION   READY   REASON
config   v0.80.0   False   Components not in ready state: TektonPipeline: reconcile again and proceed
$

Steps to Reproduce the Problem

  1. Install the tekton-operator via https://infra.tekton.dev/tekton-releases/operator/latest/release.yaml
  2. Create the TektonConfig from https://raw.githubusercontent.com/tektoncd/operator/main/config/crs/openshift/config/all/operator_v1alpha1_config_cr.yaml
  3. There are deployments and replicaSets, but no pods due to the SCC errors.

Additional Info

Kubernetes version: v1.34.7

This is a OpenShift MicroShift singlenode machine, so there is no GUI and no marketplace to install the official RedHat Pipelines Operator.

Kind Regards,
Johannes

Metadata

Metadata

Assignees

Labels

kind/bugCategorizes issue or PR as related to a bug.

Type

Fields

No fields configured for Bug.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions