You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The event listener deployment should create a pod to listen for webhooks.
Actual Behavior
The deployment fails to create a pod and has this error in the deployment status.
pods "el-listener-54cb5fd5c5-" is forbidden: unable to validate against
any security context constraint: [provider "anyuid": Forbidden: not
usable by user or serviceaccount, provider restricted-v2:
.containers[0].runAsUser: Invalid value: 65532: must be in the ranges:
[1000720000, 1000729999], provider "restricted": Forbidden: not usable
by user or serviceaccount, provider "nonroot-v2": Forbidden: not usable
by user or serviceaccount, provider "nonroot": Forbidden: not usable by
user or serviceaccount, provider "hostmount-anyuid": Forbidden: not
usable by user or serviceaccount, provider
"machine-api-termination-handler": Forbidden: not usable by user or
serviceaccount, provider "hostnetwork-v2": Forbidden: not usable by user
or serviceaccount, provider "hostnetwork": Forbidden: not usable by user
or serviceaccount, provider "hostaccess": Forbidden: not usable by user
or serviceaccount, provider "node-exporter": Forbidden: not usable by
user or serviceaccount, provider "privileged": Forbidden: not usable by
user or serviceaccount]
I have set the event listener to run under the service account "pipeline" and ran the following commands to set permissions on the pipeline sa.
I have even tried adding the scc 'privileged' to the pipeline user and still got the same issue.
I have tried removing the 'runAsUser: 65532' from the event listener deployment, but that configuration line was regenerated after saving the configuration.
I had a similar issue with the tekton-pipelines and tekton-pipelines-trigger installs and they only started running after I removed the 'runAsUser: 65532' line from the code.
dibyom
added
kind/question
Issues or PRs that are questions around the project or a particular feature
and removed
kind/bug
Categorizes issue or PR as related to a bug.
labels
Sep 6, 2023
Expected Behavior
The event listener deployment should create a pod to listen for webhooks.
Actual Behavior
The deployment fails to create a pod and has this error in the deployment status.
pods "el-listener-54cb5fd5c5-" is forbidden: unable to validate against
any security context constraint: [provider "anyuid": Forbidden: not
usable by user or serviceaccount, provider restricted-v2:
.containers[0].runAsUser: Invalid value: 65532: must be in the ranges:
[1000720000, 1000729999], provider "restricted": Forbidden: not usable
by user or serviceaccount, provider "nonroot-v2": Forbidden: not usable
by user or serviceaccount, provider "nonroot": Forbidden: not usable by
user or serviceaccount, provider "hostmount-anyuid": Forbidden: not
usable by user or serviceaccount, provider
"machine-api-termination-handler": Forbidden: not usable by user or
serviceaccount, provider "hostnetwork-v2": Forbidden: not usable by user
or serviceaccount, provider "hostnetwork": Forbidden: not usable by user
or serviceaccount, provider "hostaccess": Forbidden: not usable by user
or serviceaccount, provider "node-exporter": Forbidden: not usable by
user or serviceaccount, provider "privileged": Forbidden: not usable by
user or serviceaccount]
I have set the event listener to run under the service account "pipeline" and ran the following commands to set permissions on the pipeline sa.
I have even tried adding the scc 'privileged' to the pipeline user and still got the same issue.
I have tried removing the 'runAsUser: 65532' from the event listener deployment, but that configuration line was regenerated after saving the configuration.
I had a similar issue with the tekton-pipelines and tekton-pipelines-trigger installs and they only started running after I removed the 'runAsUser: 65532' line from the code.
Additional Info
The text was updated successfully, but these errors were encountered: