APAR status
Closed as program error.
Error description
The IBM Spectrum Protect Plus Container Backup Support job to backup or restore Persistent Volume Claims (PVC) ends with the error message: FailedCreate pods \"<pod name>\" is forbidden: unable to validate against any security context constraint: [spec.volumes[0]: Invalid value: \"hostPath\": hostPath volumes are not allowed to be used spec.containers[0].securityContext.runAsUser: Invalid value: 0: must be in the ranges: [1000580000, 1000589999] spec.containers[0].securityContext.privileged: Invalid value: true: Privileged containers are not allowed spec.containers[0].securityContext.capabilities.add: Invalid value: \"SYS_ADMIN\": capability may not be added] The error message will appear after approximately 15 minutes have passed into the job and the job will end. This error is inconsistent due to shared object interactions and timing.
Local fix
Retries may succeed.
Problem summary
**************************************************************** * USERS AFFECTED: * * IBM Spectrum Protect Plus Container Backup Support 10.1.7, * * 10.1.8, 10.1.9 and 10.1.10 on the Red Hat OpenShift * * container orchestration platform * **************************************************************** * PROBLEM DESCRIPTION: * * See ERROR DESCRIPTION * **************************************************************** * RECOMMENDATION: * * Apply fixing level when available. This problem is currently * * projected to be fixed in Spectrum Protect Plus Container * * Backup Support level 10.1.11 Note that this is subject to * * change at the discretion of IBM * ****************************************************************
Problem conclusion
The issue is resolved. The deployment should start and perform the backup or restore operation.
Temporary fix
Comments
APAR Information
APAR number
IT40582
Reported component name
SP PLUS
Reported component ID
5737SPLUS
Reported release
A19
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2022-04-08
Closed date
2022-05-25
Last modified date
2022-05-25
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
Apps ocp
Fix information
Fixed component name
SP PLUS
Fixed component ID
5737SPLUS
Applicable component levels
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSNQFQ","label":"IBM Spectrum Protect Plus"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"A19","Line of Business":{"code":"LOB26","label":"Storage"}}]
Document Information
Modified date:
01 February 2024