hiddeco / cronjobber

Cronjobber is a cronjob controller for Kubernetes with support for time zones
Apache License 2.0

Release updatetz 0.1.0 #13

Closed hiddeco closed 5 years ago

mterron commented 5 years ago

It does not work on OpenShift unless you remove the whole securityContext section.

This is the best I managed to get going on a default installation:

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cronjobber
spec:
  replicas: 1
  selector:
    matchLabels:
      name: cronjobber
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        name: cronjobber
    spec:
      serviceAccountName: cronjobber
      securityContext:
        fsGroup: 2 #daemon
      volumes:
      - name: timezonedb
        emptyDir: {}
      - name: tmp
        # medium must be nested under emptyDir to get a memory-backed (tmpfs) volume
        emptyDir:
          medium: Memory
      containers:
      - name: cronjobber
        image: quay.io/hiddeco/cronjobber:0.2.0
        resources:
          requests:
            cpu: 50m
            memory: 64Mi
        args:
        - --log-level=info
        volumeMounts:
        - name: timezonedb
          mountPath: /usr/share/zoneinfo
          readOnly: true
      - name: updatetz
        image: quay.io/hiddeco/cronjobber-updatetz:0.1.0
        # NB: the security context configuration below may not work
        # out of the box on OpenShift
        securityContext:
          # allowPrivilegeEscalation: false # Comment this line to run on OpenShift
          readOnlyRootFilesystem: true
          capabilities:
            drop:
            - ALL
        resources:
          limits:
            cpu: 100m
            memory: 64Mi
        volumeMounts:
        - name: timezonedb
          mountPath: /tmp/zoneinfo
          readOnly: false
        - name: tmp
          mountPath: /tmp
          readOnly: false

I suspect there might be some issues with SELinux on the Katacoda OpenShift instance I used for testing.