OT-CONTAINER-KIT / redis-operator

A golang based redis operator that will make/oversee Redis standalone/cluster/replication/sentinel mode setup on top of the Kubernetes.
https://ot-redis-operator.netlify.app/
Apache License 2.0

Openshift Cluster Creation Permissions issue #892

Open iwalterTraining opened 2 months ago

iwalterTraining commented 2 months ago

What version of redis operator are you using?

redis-operator version: redis-operator.v0.15.1

Does this issue reproduce with the latest release?

This is the latest version I see as available in the OpenShift Operator Hub

What operating system and processor architecture are you using (kubectl version)?

OpenShift Container Platform 4.12

What did you do?

Attempt to create a cluster using this yaml:

---
apiVersion: redis.redis.opstreelabs.in/v1beta1
kind: RedisCluster
metadata:
  name: redis-cluster
spec:
  clusterSize: 3
  clusterVersion: v7
  persistenceEnabled: true
  securityContext:
    fsGroup: 1000
    runAsUser: 1000
  kubernetesConfig:
    image: quay.io/opstree/redis:v7.0.12
    imagePullPolicy: IfNotPresent
    resources:
      requests:
        cpu: 101m
        memory: 128Mi
      limits:
        cpu: 101m
        memory: 128Mi
    redisSecret:
      name: redis-secret
      key: password
  redisExporter:
    enabled: false
    image: quay.io/opstree/redis-exporter:v1.44.0
    imagePullPolicy: IfNotPresent
    resources:
      requests:
        cpu: 100m
        memory: 128Mi
      limits:
        cpu: 100m
        memory: 128Mi
  storage:
    nodeConfVolume: true
    nodeConfVolumeClaimTemplate:
      spec:
        storageClassName: portworx-pso-fb-v3
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 1Gi
    volumeClaimTemplate:
      spec:
        storageClassName: portworx-pso-fb-v3
        accessModes: ["ReadWriteOnce"]
        resources:
          requests:
            storage: 1Gi

What did you expect to see?

I expected to see a cluster to be created.

What did you see instead?

mkdir: can't create directory '/node-conf': Permission denied
sed: /node-conf/nodes.conf: No such file or directory
Running without TLS mode
ACL_MODE is not true, skipping ACL file modification
Starting redis service in cluster mode.....
11:C 23 Apr 2024 21:08:58.648 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
11:C 23 Apr 2024 21:08:58.648 # Redis version=7.0.12, bits=64, commit=00000000, modified=0, pid=11, just started
11:C 23 Apr 2024 21:08:58.648 # Configuration loaded
11:M 23 Apr 2024 21:08:58.649 * monotonic clock: POSIX clock_gettime
11:M 23 Apr 2024 21:08:58.649 # Can't open /node-conf/nodes.conf in order to acquire a lock: No such file or directory

However, in the yaml for the created pod, I am seeing different users than the ones specified in the creation:

  securityContext:
    seLinuxOptions:
      level: 's0:c34,c9'
    fsGroup: 1001140000
    seccompProfile:
      type: RuntimeDefault
securityContext:
  capabilities:
    drop:
      - ALL
  runAsUser: 1001140000
  runAsNonRoot: true
  allowPrivilegeEscalation: false

I have also tried using podSecurityContext and an empty securityContext in the cluster creation yaml, all with the same result.
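
One way to check the mismatch described in this report, as an added example that is not part of the original issue or the operator's code: it compares the IDs requested in the RedisCluster spec with those on the created pod and tests the requested UID against the namespace's `openshift.io/sa.scc.uid-range` annotation. The annotation value below is constructed for illustration, and the function names are hypothetical.

```python
# Added diagnostic sketch. Requested/effective IDs are taken from the report;
# NAMESPACE_UID_RANGE is a constructed value, not read from a real cluster.

REQUESTED = {"fsGroup": 1000, "runAsUser": 1000}            # RedisCluster spec
POD_SC = {"fsGroup": 1001140000}                            # pod-level context
CONTAINER_SC = {"runAsUser": 1001140000, "runAsNonRoot": True,
                "allowPrivilegeEscalation": False}          # container-level
NAMESPACE_UID_RANGE = "1001140000/10000"                    # constructed


def parse_uid_range(annotation: str) -> range:
    """Parse an OpenShift '<start>/<size>' UID range annotation value."""
    start_s, sep, size_s = annotation.partition("/")
    if not sep:
        raise ValueError(f"expected '<start>/<size>', got {annotation!r}")
    start, size = int(start_s), int(size_s)
    if start < 0 or size <= 0:
        raise ValueError(f"invalid UID range {annotation!r}")
    return range(start, start + size)


def compare_ids(requested: dict, pod_sc: dict, container_sc: dict,
                uid_range: range) -> list:
    """Report, per field, whether the pod runs with the ID that was requested."""
    effective = {
        # A container-level runAsUser takes precedence over the pod-level one.
        "runAsUser": container_sc.get("runAsUser", pod_sc.get("runAsUser")),
        "fsGroup": pod_sc.get("fsGroup"),  # fsGroup exists only at pod level
    }
    findings = []
    for field in ("runAsUser", "fsGroup"):
        want, got = requested.get(field), effective[field]
        finding = {"field": field, "requested": want, "effective": got,
                   "overridden": want is not None and want != got}
        if field == "runAsUser" and want is not None:
            # A requested UID outside the namespace range cannot be the one
            # the pod ends up with under a range-restricted SCC.
            finding["requested_in_range"] = want in uid_range
        findings.append(finding)
    return findings


if __name__ == "__main__":
    uid_range = parse_uid_range(NAMESPACE_UID_RANGE)
    for f in compare_ids(REQUESTED, POD_SC, CONTAINER_SC, uid_range):
        print(f)
```

On a live cluster the three inputs would come from the RedisCluster object, the pod spec, and the namespace's annotations.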