New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
operator installed via OLM cannot set kiali server pod securityContext.readOnlyRootFilesystem to false #6481
Comments
Another way to see this fail without using that ci script:
Results in the log file show:
NOTE: to run the test locally (outside of any podman container), you can run If you have a kiali pod, you can get the readOnlyRootFilesystem setting via: |
The problem is with test setup. In the past we added the env var ALLOW_SECURITY_CONTEXT_OVERRIDE to the operator which defaults to false as a security measure. We need to set this to true in the OLM-installed operator because our test tries to set the security context. Because the operator doesn't allow that if that env var is false, the test fails. So this command in my replication procedures in the previous comment needs to add that env var:
This needs to be added to the |
When the operator is installed via OLM, the kiali pod's
securityContext.readOnlyRootFilesystem
cannot be set to false. Even though the Kiali CR has it set to false, that never makes its way to the pod yaml - it remains true. We have a molecule test that tests this, which is how I noticed it. This test has been showing this issue for a while now - but the molecule tests must be run with OLM for the failure to be seen.The failure is in the config-values-test molecule test:
To see the failure:
The text was updated successfully, but these errors were encountered: