Closed zetaab closed 5 years ago
% oc logs drone-job-2qqsb-xtjmp
{"arch":"amd64","build":3,"level":"info","machine":"openshift-test-node-1-1","msg":"runner: start execution","os":"linux","pipeline":"default","repo":"DevOps/event-operator","stage":1,"time":"2019-01-11T12:04:09Z"}
{"arch":"amd64","build":3,"level":"debug","machine":"openshift-test-node-1-1","msg":"runner: watch for kill signal","os":"linux","pipeline":"default","repo":"DevOps/event-operator","stage":1,"time":"2019-01-11T12:04:09Z"}
{"arch":"amd64","build":3,"error":"pods \"jl3n3by2wpxg5rytrkd1dhkhw8eitv0z\" is forbidden: unable to validate against any security context constraint: [spec.volumes[0]: Invalid value: \"hostPath\": hostPath volumes are not allowed to be used]","level":"info","machine":"openshift-test-node-1-1","msg":"runner: execution failed","os":"linux","pipeline":"default","repo":"DevOps/event-operator","stage":1,"time":"2019-01-11T12:04:10Z"}
{"arch":"amd64","build":3,"error":"pods \"jl3n3by2wpxg5rytrkd1dhkhw8eitv0z\" is forbidden: unable to validate against any security context constraint: [spec.volumes[0]: Invalid value: \"hostPath\": hostPath volumes are not allowed to be used]","level":"debug","machine":"openshift-test-node-1-1","msg":"runner: received kill signal","os":"linux","pipeline":"default","repo":"DevOps/event-operator","stage":1,"time":"2019-01-11T12:04:10Z"}
There should be some kind of mechanism by which hostPath volumes could be used.
The host volume mount is a temporary implementation. We are tracking a more permanent solution in issue https://github.com/drone/drone-runtime/issues/19.
I am trying to run Drone with the Kubernetes runtime in OpenShift. However, it cannot work because:
https://kubernetes.io/docs/concepts/storage/volumes/
This means that Kubernetes will create the folder with 755 (root is the owner). However, OpenShift by default does not allow executing containers as root.
That is why we should have the possibility to configure the privileged parameter to true in all pods.
I think privileged can be configured in the case of normal step things. However, we need the possibility to configure it in other steps as well, like clone etc.
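For triaging failures like the one in the log above, here is an added example (not part of the issue thread or of Drone's own code) that pulls the rejected pod field and the reason out of the runner's JSON log lines. The function name is hypothetical, the sample lines are abridged from the log on this page, and the error layout is assumed to match the one shown there.

```python
import json
import re

# Assumed layout, taken from the log on this page:
#   pods "<name>" is forbidden: ... [<field>: Invalid value: "<value>": <reason>]
POD = re.compile(r'pods "(?P<pod>[^"]+)" is forbidden')
VIOLATION = re.compile(
    r'(?P<field>\w[\w.\[\]]*): Invalid value: "?(?P<value>[^":]+)"?: (?P<reason>[^\],]+)')

# Constructed sample: the page's log lines with some keys dropped for brevity.
SAMPLE = r'''% oc logs drone-job-2qqsb-xtjmp
{"build":3,"level":"info","msg":"runner: start execution","repo":"DevOps/event-operator"}
{"build":3,"error":"pods \"jl3n3by2wpxg5rytrkd1dhkhw8eitv0z\" is forbidden: unable to validate against any security context constraint: [spec.volumes[0]: Invalid value: \"hostPath\": hostPath volumes are not allowed to be used]","level":"info","msg":"runner: execution failed","repo":"DevOps/event-operator"}
{"build":3,"error":"pods \"jl3n3by2wpxg5rytrkd1dhkhw8eitv0z\" is forbidden: unable to validate against any security context constraint: [spec.volumes[0]: Invalid value: \"hostPath\": hostPath volumes are not allowed to be used]","level":"debug","msg":"runner: received kill signal","repo":"DevOps/event-operator"}
'''

def scc_rejections(log_text):
    """Return one record per distinct (pod, field) SCC rejection in runner JSON logs."""
    seen, out = set(), []
    for line in log_text.splitlines():
        line = line.strip()
        if not line.startswith("{"):
            continue  # skip shell prompts and other non-JSON lines
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue
        err = entry.get("error", "")
        if "security context constraint" not in err:
            continue
        pod = POD.search(err)
        pod_name = pod.group("pod") if pod else None
        for m in VIOLATION.finditer(err):
            key = (pod_name, m.group("field"))
            if key in seen:
                continue  # the same error is logged at both info and debug level
            seen.add(key)
            out.append({"repo": entry.get("repo"), "build": entry.get("build"),
                        "pod": pod_name, "field": m.group("field"),
                        "value": m.group("value"),
                        "reason": m.group("reason").strip()})
    return out

if __name__ == "__main__":
    for rec in scc_rejections(SAMPLE):
        print(rec)
```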