Display error message when terminal pod does not successfully come up
petersutter opened this issue · comments
What would you like to be added:
For the webterminal feature the dashboard creates a Terminal
resource on which the terminal-controller-manager
acts upon. If there is an error in reconciling the Terminal
resource, the terminal-controller-manager
should write the last error in the status and the Dashboard should make this error visible to the user.
Why is this needed:
e.g. an admission webhook could be preventing the creating of the terminal pod:
Failed to create or update terminal pod (admission webhook \"validate.kyverno.svc-ignore\" denied the request:
resource Pod/term-host-1234/term-1234 was blocked due to the following policies
disallow-host-namespaces:
host-namespaces: 'validation error: Sharing the host namespaces is disallowed. The
fields spec.hostNetwork, spec.hostIPC, and spec.hostPID must not be set to true. .
rule host-namespaces failed at path /spec/hostNetwork/'
disallow-host-path:
host-path: 'validation error: HostPath volumes are forbidden. The fields spec.volumes[*].hostPath
must not be set. rule host-path failed at path /spec/volumes/0/hostPath/'
disallow-privileged-containers:
priviledged-containers: 'validation error: Privileged mode is disallowed. The fields
spec.containers[*].securityContext.privileged and spec.initContainers[*].securityContext.privileged
must not be set to true. . rule priviledged-containers failed at path
/spec/containers/0/securityContext/privileged/'
require-run-as-non-root:
check-containers: 'validation error: Running as root is not allowed. The fields
spec.securityContext.runAsNonRoot, spec.containers[*].securityContext.runAsNonRoot,
and spec.initContainers[*].securityContext.runAsNonRoot must be `true`. .
rule check-containers[0] failed at path /spec/securityContext/runAsNonRoot/ rule
check-containers[1] failed at path /spec/initContainers/0/securityContext/'
)