Open BryanHunt opened 4 years ago
I completely commented out the mkdir/chmod init container, and the sonarqube pod started just fine.
This sounds not dissimilar from my issue here: https://github.com/Oteemo/charts/issues/56
Frustratingly, you can get around it by running as root, but then Sonarqube can't start.
I can add functionality to turn this off. Might have been needed for earlier versions of the software. This chart is a couple years old at this point.
One fix would be to make this container run as a different security context than the rest of the software (or allow this through configuration)
If I set the following, this runs as 999:999, and therefore fails:

```yaml
securityContext:
  fsGroup: 999
  runAsUser: 999
```

I don't mind this init pod running as root, but if I remove the runAsUser: 999 to do that, then Sonar can't start.
We are running an in-house version of a k8s cluster that does not allow running privileged containers, so :+1: for switching it off. @rjkernick depending on what exactly you had in mind for switching it off, maybe also provide functionality to load additional init containers, something like the extraInitContainers approach followed by many other charts?
After I hacked the template to include the certs mount, the init container now fails on the chmod:
Also, the chmod is hardcoded to 999:999 which is probably bad if I use a custom security context.
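
The separate-security-context idea raised in this thread, sketched as a plain pod spec. This is an added illustration, not part of the thread and not the chart's template; the pod, container and volume names, the busybox image and the /data paths are placeholders.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: sonarqube-example            # placeholder name
spec:
  securityContext:                   # pod-level defaults, as quoted in the thread
    runAsUser: 999
    fsGroup: 999
  initContainers:
    - name: fix-permissions          # placeholder name
      image: busybox:1.36
      # A container-level securityContext overrides the pod-level runAsUser
      # for this container only. UID 0 is not the same as privileged: true.
      securityContext:
        runAsUser: 0
        runAsNonRoot: false
        privileged: false
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]
          add: ["CHOWN", "FOWNER", "DAC_OVERRIDE"]
      # In a chart, the 999:999 here would be templated from the same values
      # as runAsUser/fsGroup instead of being hard-coded.
      command: ["sh", "-c", "mkdir -p /data/example && chown -R 999:999 /data/example"]
      volumeMounts:
        - name: data
          mountPath: /data
  containers:
    - name: sonarqube
      image: sonarqube               # placeholder, tag omitted
      # No container-level override: inherits runAsUser 999 from the pod.
      volumeMounts:
        - name: data
          mountPath: /data
  volumes:
    - name: data
      emptyDir: {}
```

A cluster policy that forbids UID 0 would still reject this init container, which is the case the switch to turn it off covers.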