Open Shesoff opened 3 months ago
This fixed with that parameters:
global.compatibility.openshift.adaptSecurityContext: auto
web.podSecurityContext.enabled: false
web.containerSecurityContext.enabled: false
scheduler.podSecurityContext.enabled: false
scheduler.containerSecurityContext.enabled: false
worker.podSecurityContext.enabled: false
worker.containerSecurityContext.enabled: false
metrics.podSecurityContext.enabled: false
metrics.containerSecurityContext.enabled: false
If I right understand global.compatibility.openshift.adaptSecurityContext: force
it doesn't work correctly with openshift cluster and you need disable SecurityContext for all pods/containers.
The issue is that our bitnami/git container has USER 0
by default. The security context adaptations remove the runAsUser
and runAsGroup
sections of the security context. For some reason, it is causing some sort of incompatibility when enabling the security context and using a root container.
We may want to change the git
container to non-root by default to avoid this issue.
We may want to change the git container to non-root by default to avoid this issue
It will awesome.
@Shesoff could you give a try to latest 21.0.0
major version? Please note you'll have adapt your values slightly according to what's documented in the link below:
This new version doesn't rely on the bitnami/git
container any longer and uses the same Bitnami Airflow container instead, hence it's likely you won't face the issues any longer.
Name and Version
bitnami/airflow:18.3.17
What architecture are you using?
amd64
What steps will reproduce the bug?
Install helm chart with
git.dags.enabled=true
on OKD (openshift) cluster.Are you using any custom parameters or values?
What is the expected behavior?
I expected that if I use
global.compatibility.openshift.adaptSecurityContext
containers get volumes withemptyDir: {}
parameter for save DAGs there.What do you see instead?
I see error
Init:CreateContainerConfigError
for reason:Error: container has runAsNonRoot and image will run as root (pod: "cloudapi-airflow-web-694dd76578-n7hjc_d-cloudapi(b5c896f5-540a-4bf6-bd29-52ab721f1be4)", container: clone-repositories)
Additional information
No response