Pod not supported on Fargate: invalid SecurityContext fields: Capabilities added: CAP_CHOWN

philgin commented 1 year ago

Description of the issue

I'm trying to install erpnext on EKS with Fargate profile testing with minimal configuration:

image:
  repository: frappe/erpnext
  tag: v14.30.6
  pullPolicy: IfNotPresent

podSecurityContext:
  supplementalGroups: [1000]

securityContext: {}

persistence:
  worker:
    storageClass: "efs-sc"
    existingClaim: "efs-claim"

Context information (for bug reports)

CAP_CHOWN doesn't seem to be supported on Fargate so I set securityContext: {} but somehow it's still gettting set on deployment

Steps to reproduce the issue

follow steps by @revant https://gist.github.com/revant/1328e3367c3042fd91c447859fb23dd1
install helm and add frappe https://helm.erpnext.com
helm install test-app frappe/erpnext -f <the minimal yaml created above to isolate the issue>

Observed result

fargate-scheduler  Pod not supported on Fargate: invalid SecurityContext fields: Capabilities added: CAP_CHOWN

Expected result

successful deployment

Stacktrace / full error message if available

fargate-scheduler  Pod not supported on Fargate: invalid SecurityContext fields: Capabilities added: CAP_CHOWN

revant commented 1 year ago

It inherits from default value here:

https://github.com/frappe/helm/blob/3e71d8c2ac028ec51ec77bce7ec216519a675d4d/erpnext/values.yaml#L354-L357

Try to override it with empty object or empty array.

I organised AWS EKS ERPNext (No Fargate) related docs here https://gitlab.com/castlecraft/aws-eks-erpnext

Some pods need to run full time, serverless for them makes no sense. Instead check auto scale.

philgin commented 1 year ago

@revant Thank you. Great work!

frappe / helm