Closed abdennour closed 1 year ago
OpenShift is using a very restrictive default security context; the solution I'm using is to create a dedicated service account, assign a different SCC to it, and modify the deployment template to use this service account. You can read more about security contexts on OpenShift here: https://cloud.redhat.com/blog/a-guide-to-openshift-and-uids
To create the service account and assign the SCC to it (make sure you are in the project where you want to deploy the chart):
[helm]$ oc create sa prom2teams
serviceaccount/prom2teams created
[helm]$ oc adm policy add-scc-to-user anyuid -z prom2teams
clusterrole.rbac.authorization.k8s.io/system:openshift:scc:anyuid added: "prom2teams"
Modify the deployment template (helm/templates/deployment.yaml) and add the serviceAccountName attribute:
...
securityContext:
  runAsNonRoot: {{ if eq (int .Values.securityContext.runAsUser) 0 }}false{{ else }}true{{ end }}
  runAsUser: {{ .Values.securityContext.runAsUser }}
  runAsGroup: {{ .Values.securityContext.runAsGroup }}
  fsGroup: {{ .Values.securityContext.fsGroup }}
{{- end }}
serviceAccountName: prom2teams
The last step is to install the chart:
[helm]$ helm upgrade --install prom2teams --namespace aiot-test /path/to/helm --set prom2teams.connector='https://teams/webhook' --set prom2teams.loglevel=DEBUG --set image.tag=latest
Don't forget to expose the service via a route if you want to access the app from outside the cluster.
PROM2TEAMS team: maybe you can update the Helm chart to allow service account customization.
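One way the chart could carry the service account and SCC binding that the comment above sets up by hand, as an added example that is not the prom2teams chart's own code. The `serviceAccount.*` values keys and the two new template file names are assumptions; the ClusterRole name follows the `oc adm policy` output shown above.

```yaml
# values.yaml (assumed keys, not present in the chart today)
serviceAccount:
  create: true
  name: prom2teams
  # SCC to grant to the account in the release namespace only.
  # Leave empty to skip the RoleBinding and stay on the default restricted SCC.
  scc: anyuid
---
# templates/serviceaccount.yaml (hypothetical new template)
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ .Values.serviceAccount.name }}
  namespace: {{ .Release.Namespace }}
{{- end }}
---
# templates/scc-rolebinding.yaml (hypothetical new template)
# Namespaced equivalent of: oc adm policy add-scc-to-user <scc> -z <name>
{{- if .Values.serviceAccount.scc }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: {{ .Values.serviceAccount.name }}-scc-{{ .Values.serviceAccount.scc }}
  namespace: {{ .Release.Namespace }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  # Same ClusterRole naming as in the oc output: system:openshift:scc:<scc>
  name: system:openshift:scc:{{ .Values.serviceAccount.scc }}
subjects:
  - kind: ServiceAccount
    name: {{ .Values.serviceAccount.name }}
    namespace: {{ .Release.Namespace }}
{{- end }}
---
# templates/deployment.yaml, pod spec: replaces the hard-coded account name
      serviceAccountName: {{ .Values.serviceAccount.name }}
```

Because this is a RoleBinding rather than a ClusterRoleBinding, the SCC grant applies only to the service account in the release namespace. RBAC escalation checks mean the user installing the chart must already be allowed to bind that ClusterRole.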
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Description
Using the provided helm chart, the chart cannot be installed successfully on OCP 4.x.
Additional Information
it's saying: