Open Shesoff opened 1 month ago
This fixed with that parameters:
global.compatibility.openshift.adaptSecurityContext: auto
web.podSecurityContext.enabled: false
web.containerSecurityContext.enabled: false
scheduler.podSecurityContext.enabled: false
scheduler.containerSecurityContext.enabled: false
worker.podSecurityContext.enabled: false
worker.containerSecurityContext.enabled: false
metrics.podSecurityContext.enabled: false
metrics.containerSecurityContext.enabled: false
If I right understand global.compatibility.openshift.adaptSecurityContext: force
it doesn't work correctly with openshift cluster and you need disable SecurityContext for all pods/containers.
The issue is that our bitnami/git container has USER 0
by default. The security context adaptations remove the runAsUser
and runAsGroup
sections of the security context. For some reason, it is causing some sort of incompatibility when enabling the security context and using a root container.
We may want to change the git
container to non-root by default to avoid this issue.
We may want to change the git container to non-root by default to avoid this issue
It will awesome.
Name and Version
bitnami/airflow:18.3.17
What architecture are you using?
amd64
What steps will reproduce the bug?
Install helm chart with
git.dags.enabled=true
on OKD (openshift) cluster.Are you using any custom parameters or values?
What is the expected behavior?
I expected that if I use
global.compatibility.openshift.adaptSecurityContext
containers get volumes withemptyDir: {}
parameter for save DAGs there.What do you see instead?
I see error
Init:CreateContainerConfigError
for reason:Error: container has runAsNonRoot and image will run as root (pod: "cloudapi-airflow-web-694dd76578-n7hjc_d-cloudapi(b5c896f5-540a-4bf6-bd29-52ab721f1be4)", container: clone-repositories)
Additional information
No response