[bitnami/elasticsearch] unable to deploy elasticsearch on openshift #25860
Comments
workaround for the time being: set following values manually...
Hi, In principle, disabling the sysctlImage (which requires privileges) should be enough, not being necessary to disable the containerSecurityContext. Could you check it?
hi, for example this one in the coordinating statefulset:
Hi, Indeed we missed that one. Instead of
it should be
As you spotted the issue, would you like to submit a PR fixing the issue?
hey, yes i will try to do that soonish, thanks.
sorry, had initial trouble with signing the commit correctly and made a little mess in the first pull request. i hope you didn't get flooded by notifications... the second PR should be fine.
Thank you for opening this issue and submitting the associated Pull Request. Our team will review and provide feedback. Once the PR is merged, the issue will automatically close. Your contribution is greatly appreciated!
Name and Version
bitnami/elasticsearch 21.0.2/3
What architecture are you using?
amd64
What steps will reproduce the bug?
Are you using any custom parameters or values?
No
What is the expected behavior?
with this version of the helm chart it should automatically detect an openshift environment and adapt the security context and successfully deploy an elasticsearch cluster.
What do you see instead?
apparently it does not apply for initContainers as i am getting following errors:
create Pod mdm-elasticsearch-coordinating-0 in StatefulSet mdm-elasticsearch-coordinating failed error: pods "mdm-elasticsearch-coordinating-0" is forbidden: unable to validate against any security context constraint: [provider "trident-controller": Forbidden: not usable by user or serviceaccount, provider "anyuid": Forbidden: not usable by user or serviceaccount, provider restricted-v2: .initContainers[0].runAsUser: Invalid value: 0: must be in the ranges: [1000940000, 1000949999], provider restricted-v2: .initContainers[0].privileged: Invalid value: true: Privileged containers are not allowed, provider restricted-v2: .initContainers[1].runAsUser: Invalid value: 1001: must be in the ranges: [1000940000, 1000949999], provider restricted-v2: .initContainers[1].seLinuxOptions.level: Invalid value: "": must be s0:c31,c5, provider restricted: .initContainers[0].runAsUser: Invalid value: 0: must be in the ranges: [1000940000, 1000949999], provider restricted: .initContainers[0].privileged: Invalid value: true: Privileged containers are not allowed, provider restricted: .initContainers[1].runAsUser: Invalid value: 1001: must be in the ranges: [1000940000, 1000949999], provider restricted: .initContainers[1].seLinuxOptions.level: Invalid value: "": must be s0:c31,c5, pod.metadata.annotations[container.seccomp.security.alpha.kubernetes.io/copy-default-plugins]: Forbidden: seccomp may not be set, pod.metadata.annotations[container.seccomp.security.alpha.kubernetes.io/elasticsearch]: Forbidden: seccomp may not be set, provider "nonroot-v2": Forbidden: not usable by user or serviceaccount, provider "nonroot": Forbidden: not usable by user or serviceaccount, provider "rsync-anyuid": Forbidden: not usable by user or serviceaccount, provider "k10-scc": Forbidden: not usable by user or serviceaccount, provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount, provider "elasticsearch-scc": Forbidden: not usable by user or serviceaccount, provider "logging-scc": Forbidden: not usable by user or serviceaccount, provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount, provider "k10-prometheus-server": Forbidden: not usable by user or serviceaccount, provider "k10-grafana": Forbidden: not usable by user or serviceaccount, provider "hostnetwork-v2": Forbidden: not usable by user or serviceaccount, provider "hostnetwork": Forbidden: not usable by user or serviceaccount, provider "hostaccess": Forbidden: not usable by user or serviceaccount, provider "mssql-persistent-kasten-scc": Forbidden: not usable by user or serviceaccount, provider "mssql-persistent-scc": Forbidden: not usable by user or serviceaccount, provider "trident-node-linux": Forbidden: not usable by user or serviceaccount, provider "node-exporter": Forbidden: not usable by user or serviceaccount, provider "privileged": Forbidden: not usable by user or serviceaccount, provider "privileged-etcd-backup": Forbidden: not usable by user or serviceaccount, provider "velero-privileged": Forbidden: not usable by user or serviceaccount]
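The denial above interleaves SCCs that are simply not granted to the service account with the field-level reasons the evaluated SCCs rejected the pod. As an added example (not part of the original issue or the chart), this Python helper separates the two; `summarize_scc_denial` is a hypothetical name and the sample string is abridged from the error in this report.

```python
import re
from collections import defaultdict

# One "provider <scc>: <detail>" entry; the lookahead stops at the next entry
# so the comma inside "[1000940000, 1000949999]" does not split a detail.
ENTRY = re.compile(r'provider "?(?P<scc>[\w.-]+)"?: (?P<detail>.*?)'
                   r'(?=, provider |, pod\.metadata|\]\s*$)', re.S)
# Field-level rejection: ".<path>: Invalid value: <value>: <rule>"
FIELD = re.compile(r'^\.(?P<path>\S+): Invalid value: '
                   r'(?P<value>"[^"]*"|[^:]+): (?P<rule>.+)$', re.S)
# Pod-level rejection, e.g. the seccomp annotations.
POD = re.compile(r'(pod\.metadata\S+): Forbidden: ([^,\]]+)')

def summarize_scc_denial(message):
    """Split an SCC admission denial into (not_granted, violations, pod_level)."""
    not_granted, violations = [], defaultdict(list)
    for m in ENTRY.finditer(message):
        detail = m["detail"].strip()
        if detail.startswith("Forbidden: not usable"):
            not_granted.append(m["scc"])  # SCC not granted to this service account
        elif f := FIELD.match(detail):  # SCC was evaluated and this field failed it
            violations[m["scc"]].append((f["path"], f["value"], f["rule"]))
    return not_granted, dict(violations), POD.findall(message)

# Abridged from the error in the report above (most providers dropped).
SAMPLE = (
    'pods "mdm-elasticsearch-coordinating-0" is forbidden: unable to validate '
    'against any security context constraint: [provider "anyuid": Forbidden: '
    'not usable by user or serviceaccount, provider restricted-v2: '
    '.initContainers[0].runAsUser: Invalid value: 0: must be in the ranges: '
    '[1000940000, 1000949999], provider restricted-v2: '
    '.initContainers[0].privileged: Invalid value: true: Privileged containers '
    'are not allowed, provider restricted-v2: .initContainers[1].runAsUser: '
    'Invalid value: 1001: must be in the ranges: [1000940000, 1000949999], '
    'provider restricted-v2: .initContainers[1].seLinuxOptions.level: '
    'Invalid value: "": must be s0:c31,c5, pod.metadata.annotations['
    'container.seccomp.security.alpha.kubernetes.io/elasticsearch]: Forbidden: '
    'seccomp may not be set, provider "privileged": Forbidden: not usable by '
    'user or serviceaccount]'
)

if __name__ == "__main__":
    not_granted, violations, pod_level = summarize_scc_denial(SAMPLE)
    print("not granted to this service account:", ", ".join(not_granted))
    for scc, items in violations.items():
        for path, value, rule in items:
            print(f"{scc}: {path} = {value} -> {rule}")
    print("pod-level:", pod_level)
```

The `violations` entries are the ones a chart fix has to address; the `not_granted` list only shows which SCCs the service account cannot use.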