Container build support doesn't work after upgrade from 7.58.0 to 7.59.0 #21927
Possible hint. I updated to the Next channel and now I get an informative error on creating a workspace:
@cgruver thank you for reporting the issue.
Output of devworkspace-operator.v0.18.1 DevWorkspace Operator 0.18.1 devworkspace-operator.v0.18.0 Succeeded
I can reproduce that on our internal (dogfooding) instance. Looking at this issue I have found a few other problems:
Let me know if you come up with a workaround that I can apply to my cluster. Or... if it's possible to reinstall 7.58. I downgraded chectl back to 7.58, but it still installs the latest from the stable channel from Operator Hub.
Work around:
This will install v7.58.0 with a manual update strategy and avoid v7.59.0 for now.
I've reproduced this on OpenShift 4.11 and come out even more confused than before after testing. Testing 7.58.0 vs 7.59.0, I've found
I haven't tested for Che
is reported when the user does not have permissions to use the requested SCC, which is not occurring in either 7.58.0 or 7.59.0
Testing a little further, it appears to be due to Che 7.59.0 adding
config:
  workspace:
    containerSecurityContext:
      allowPrivilegeEscalation: false
to the default Pod security context via its custom DevWorkspaceOperatorConfig. Is there a reason we use
PR eclipse-che/che-operator#1576 sets
Very ugly workaround... that will at least let you work with containers in 7.59 for now:
oc patch dwoc devworkspace-config -n eclipse-che --type merge --patch '{"config":{"workspace":{"containerSecurityContext":{"allowPrivilegeEscalation":true}}}}'
You will have to rerun it immediately after creating a new workspace because the operator will revert it to false every time it touches the DWOC.
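The state described in the comments above (container builds enabled in the CheCluster while the DWOC sets allowPrivilegeEscalation: false) and the effect of the merge-patch workaround, as an added Python example that is not part of the thread or of the Che project's code. The input dictionaries are constructed stand-ins for `oc get ... -o json` output, `exampleSibling` is a made-up key, and treating only an explicit `false` for disableContainerBuildCapabilities as "builds enabled" is an assumption.

```python
import copy
import json


def merge_patch(target, patch):
    """Apply an RFC 7396 JSON merge patch (the semantics of `oc patch --type merge`)."""
    if not isinstance(patch, dict):
        return copy.deepcopy(patch)
    result = copy.deepcopy(target) if isinstance(target, dict) else {}
    for key, value in patch.items():
        if value is None:
            result.pop(key, None)          # null in a merge patch deletes the key
        else:
            result[key] = merge_patch(result.get(key), value)
    return result


def build_blocked(checluster, dwoc):
    """True when the CheCluster enables container builds but the DWOC's default
    container security context sets allowPrivilegeEscalation to false."""
    dev_env = checluster.get("spec", {}).get("devEnvironments", {})
    # Assumption: only an explicit false counts as "container builds enabled".
    builds_enabled = dev_env.get("disableContainerBuildCapabilities") is False
    ctx = (dwoc.get("config", {}).get("workspace", {})
               .get("containerSecurityContext", {}))
    return builds_enabled and ctx.get("allowPrivilegeEscalation") is False


# Constructed samples, shaped like the patches quoted in this issue.
CHECLUSTER = {"spec": {"devEnvironments": {"disableContainerBuildCapabilities": False}}}
DWOC = {"config": {"workspace": {
    "containerSecurityContext": {"allowPrivilegeEscalation": False},
    "exampleSibling": "kept",              # made-up key, shows the merge leaves it alone
}}}
# The workaround patch from the comment above, verbatim.
WORKAROUND = json.loads(
    '{"config":{"workspace":{"containerSecurityContext":{"allowPrivilegeEscalation":true}}}}')
# What the operator is reported to write back when it touches the DWOC.
OPERATOR_REVERT = {"config": {"workspace": {
    "containerSecurityContext": {"allowPrivilegeEscalation": False}}}}

if __name__ == "__main__":
    patched = merge_patch(DWOC, WORKAROUND)
    reverted = merge_patch(patched, OPERATOR_REVERT)
    print("before workaround:", build_blocked(CHECLUSTER, DWOC))
    print("after workaround: ", build_blocked(CHECLUSTER, patched))
    print("after revert:     ", build_blocked(CHECLUSTER, reverted))
```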
@cgruver I've opened PR eclipse-che/che-operator#1596; once merged should be pushed to the next channel fairly quickly (though I still haven't looked into the issue you encountered with the
Describe the bug
Che version 7.59 seems to have broken rootless podman on OpenShift
OpenShift - OKD 4.12 SCOS
Che version
7.59@latest
Steps to reproduce
chectl server:deploy -p openshift
oc patch CheCluster eclipse-che -n eclipse-che --type merge --patch '{"spec":{"devEnvironments":{"disableContainerBuildCapabilities":false}}}'
podman images
Expected behavior
Successful empty list of images
Runtime
OpenShift
Screenshots
No response
Installation method
chectl/latest
Environment
macOS
Eclipse Che Logs
No response
Release Notes Text
A regression in the support for building containers has been fixed in this release.