TMC Lite Inspection fails, error pulling image

Article ID: 383058


Products

Tanzu Kubernetes Runtime

Issue/Introduction

The TMC Lite inspection test, run against a TKGs Guest cluster, fails with:

 - (SynchronizedBeforeSuite)
   - Error message: 
     "[FAILED] error waiting for image to be pulled: context deadline exceeded  
     In [SynchronizedBeforeSuite] at: k8s.io/kubernetes/test/e2e/e2e.go:433 @ 11/19/24 14:31:44.939"

Cause

Pod Security Admission is enabled by default on the Guest cluster and is preventing the inspection images from being pulled. The events in the image puller namespace show the image puller pods being rejected:

# kubectl get events -n <Image puller namespace>
img-puller-1234      20s      Warning     FailedCreate    daemonset/img-pull-registry.k8s.io-e2e-test-image-agnhost-2.47     Error creating: pod "img-pull-registry.k8s.io-e2e-test-image-agnhost-2.47-wcxzs" is forbidden: violates PodSecurity "restricted:latest"

Resolution

Add the following label to the namespace created for the lite inspection tests:

kubectl get ns
kubectl edit ns <Image puller namespace>

labels:
  pod-security.kubernetes.io/enforce: privileged
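
The check from the Cause section and the label from the Resolution, as a script. This is an added example and not part of the original article. It assumes event lines carry the namespace in the first column, as in the sample above; the function names psa_blocked and label_cmd are hypothetical and the sample events are constructed.

```shell
#!/bin/sh
# Added example: find namespaces whose pods are rejected by Pod Security
# Admission, reading event lines in the layout shown in the article
# (NAMESPACE  LAST-SEEN  TYPE  REASON  OBJECT  MESSAGE...).

# Constructed sample input (not captured from a real cluster).
SAMPLE_EVENTS='img-puller-1234   20s   Warning   FailedCreate   daemonset/img-pull-agnhost   Error creating: pod "img-pull-agnhost-wcxzs" is forbidden: violates PodSecurity "restricted:latest"
img-puller-1234   25s   Warning   FailedCreate   daemonset/img-pull-busybox   Error creating: pod "img-pull-busybox-x2x9q" is forbidden: violates PodSecurity "restricted:latest"
kube-system       2m    Normal    Pulled         pod/coredns-abc12            Container image already present on machine'

# psa_blocked: read event lines on stdin, print "namespace level" once per
# namespace that has a FailedCreate event caused by a PodSecurity violation.
psa_blocked() {
    awk '
        $4 == "FailedCreate" && match($0, /violates PodSecurity "[a-z]+:[^"]+"/) {
            policy = substr($0, RSTART, RLENGTH)   # violates PodSecurity "restricted:latest"
            sub(/^[^"]*"/, "", policy)             # restricted:latest"
            sub(/:.*/, "", policy)                 # restricted
            if (!seen[$1]++) print $1, policy
        }'
}

# label_cmd: print (do not run) the command that applies the article's label
# to one namespace only.
label_cmd() {
    printf 'kubectl label namespace %s pod-security.kubernetes.io/enforce=privileged --overwrite\n' "$1"
}

# Report each blocked namespace from the sample and the matching command.
printf '%s\n' "$SAMPLE_EVENTS" | psa_blocked | while read -r ns level; do
    echo "namespace $ns is blocked by PodSecurity level: $level"
    label_cmd "$ns"
done
```

For live data, pipe `kubectl get events -A --no-headers` into psa_blocked. The privileged level is unrestricted, so the label belongs only on the image puller namespace.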