Can't install Camel-K 2.0 nightly on OpenShift cluster

[bouskaJ]

I am getting following error

2s          Warning   FailedCreate        replicaset/camel-k-operator-84b7b556ff   Error creating: pods "camel-k-operator-84b7b556ff-" is forbidden: unable to validate against any security context constraint: [provider "anyuid": Forbidden: not usable by user or serviceaccount, provider restricted-v2: .spec.securityContext.fsGroup: Invalid value: []int64{0}: 0 is not an allowed group, provider "restricted": Forbidden: not usable by user or serviceaccount, provider "nonroot-v2": Forbidden: not usable by user or serviceaccount, provider "nonroot": Forbidden: not usable by user or serviceaccount, provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount, provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount, provider "hostnetwork-v2": Forbidden: not usable by user or serviceaccount, provider "hostnetwork": Forbidden: not usable by user or serviceaccount, provider "hostaccess": Forbidden: not usable by user or serviceaccount, provider "node-exporter": Forbidden: not usable by user or serviceaccount, provider "privileged": Forbidden: not usable by user or serviceaccount]

trying to install Camel-K operator on OpenShift.

The full scenario:

oc new-project jbouska
Already on project "jbouska" on server "https://api.camel-k-412-b.fuse.integration-qe.com:6443".

You can add applications to this project with the 'new-app' command. For example, try:

    oc new-app rails-postgresql-example

to build a new example application in Ruby. Or use kubectl to deploy a simple Kubernetes application:

    kubectl create deployment hello-node --image=k8s.gcr.io/serve_hostname

➜  camel-k git:(main) ✗ ./kamel install --olm=false --maven-repository=https://repository.apache.org/content/repositories/snapshots@id=apache-snapshots@snapshots --operator-image docker.io/testcamelk/camel-k:2.0.0-nightly --storage=false 

Camel K installed in namespace jbouska 
➜  camel-k git:(main) ✗ oc get pods
No resources found in jbouska namespace.
➜  camel-k git:(main) ✗ oc get events
LAST SEEN   TYPE      REASON              OBJECT                                   MESSAGE
2s          Warning   FailedCreate        replicaset/camel-k-operator-84b7b556ff   Error creating: pods "camel-k-operator-84b7b556ff-" is forbidden: unable to validate against any security context constraint: [provider "anyuid": Forbidden: not usable by user or serviceaccount, provider restricted-v2: .spec.securityContext.fsGroup: Invalid value: []int64{0}: 0 is not an allowed group, provider "restricted": Forbidden: not usable by user or serviceaccount, provider "nonroot-v2": Forbidden: not usable by user or serviceaccount, provider "nonroot": Forbidden: not usable by user or serviceaccount, provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount, provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount, provider "hostnetwork-v2": Forbidden: not usable by user or serviceaccount, provider "hostnetwork": Forbidden: not usable by user or serviceaccount, provider "hostaccess": Forbidden: not usable by user or serviceaccount, provider "node-exporter": Forbidden: not usable by user or serviceaccount, provider "privileged": Forbidden: not usable by user or serviceaccount]
12s         Normal    ScalingReplicaSet   deployment/camel-k-operator              Scaled up replica set camel-k-operator-84b7b556ff to 1
➜  camel-k git:(main) ✗ oc get pods  
No resources found in jbouska namespace.

[gansheer]

@squakez I will look into it.

[gansheer]

Ok, so the volumes can't be mounted in root mode by the operator pod when deploying in an OCP newly created project that is not default. I will find a way to fix this.
Also the user 1000 for the builder pod does not work in OCP, declaring RunAsNonRoot in the PodSecurityContext works better.

[squakez]

We should have closed this by #4487