search

krateoplatformops / installer-chart

Krateo PlatformOps Operator Helm Chart
2 stars 2 forks source link

Openshift - vcluster-k8s - RELRO protection failed: No error information #153

Closed matteomasciari closed 3 months ago

matteomasciari commented 7 months ago

Describe the bug On an Openshift Cluster like:

❯ oc version Client Version: 4.15.8 Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3 Server Version: 4.13.25 Kubernetes Version: v1.26.9+aa37255

After installing the helm chart with these values:

[...]
krateoplatformops:
vcluster:
enabled: true
openshift:
enable: True
[...]

The pod of the deployment "vcluster-k8s" give me this error:

❯ oc logs vcluster-k8s-5954bd6d84-cj7bq -c vcluster-copy
Error relocating /lib/ld-musl-x86_64.so.1: RELRO protection failed: No error information
Error relocating /bin/sh: RELRO protection failed: No error information

I tried also with these values:

[...]
krateoplatformops:
  vcluster:
    enabled: true
  openshift:
    enable: True
  securityContext:
      allowPrivilegeEscalation: True
      runAsNonRoot: False
      readOnlyRootFilesystem: False
[...]

To Reproduce Steps to reproduce the behavior: On an Openshift environment, run the command:

❯ helm upgrade --install installer installer-chart/chart -f custom.values.yaml

with custom.values.yaml:

[...]
krateoplatformops:
  vcluster:
    enabled: true
  openshift:
    enable: True
  securityContext:
      allowPrivilegeEscalation: True
      runAsNonRoot: False
      readOnlyRootFilesystem: False
[...]
matteomasciari commented 7 months ago

Little update: By installing the original vcluster chart (it works fine) I found this difference in the init container:

I hope this can help you in the analysis of the problem

matteomasciari commented 6 months ago

The problem seems related to SELinux, indeed by switching from Enforcing to Permissive vcluster starts