opendatahub-io-contrib / data-mesh-pattern

Data Mesh Pattern
https://opendatahub-io-contrib.github.io/data-mesh-pattern
Apache License 2.0

🐛 [bug] - Issue with fybrik-dev installing opa et.al #79

Open ryanaslett opened 1 year ago

ryanaslett commented 1 year ago

📝 Description

[... of the issue you're seeing in the content / tech demo exercises] During the Supply chain Builds step it has us create our argocd app of apps.

Problem is that when we run it
(https://github.com/opendatahub-io-contrib/data-mesh-pattern/blob/699ce55446bb0cfa232d5434a75d015f55b4e587/gitops/argocd/cluster-dev/rainforest-ci-cd/fybrik-dev.yaml#L40)

we get an error with the security context not matching any constraints:

```
pods "opa-5867777fb9-" is forbidden: unable to validate against any
security context constraint: [provider "anyuid": Forbidden: not usable
by user or serviceaccount, provider "pipelines-scc": Forbidden: not
usable by user or serviceaccount,
spec.initContainers[0].securityContext.runAsUser: Invalid value:
1000810000: must be in the ranges: [1000860000, 1000869999],
spec.containers[0].securityContext.runAsUser: Invalid value: 1000810000:
must be in the ranges: [1000860000, 1000869999],
spec.containers[1].securityContext.runAsUser: Invalid value: 1000810000:
must be in the ranges: [1000860000, 1000869999], provider "restricted":
Forbidden: not usable by user or serviceaccount, provider
"container-build": Forbidden: not usable by user or serviceaccount,
provider "nonroot-v2": Forbidden: not usable by user or serviceaccount,
provider "nonroot": Forbidden: not usable by user or serviceaccount,
provider "hostmount-anyuid": Forbidden: not usable by user or
serviceaccount, provider "machine-api-termination-handler": Forbidden:
not usable by user or serviceaccount, provider "hostnetwork-v2":
Forbidden: not usable by user or serviceaccount, provider "hostnetwork":
Forbidden: not usable by user or serviceaccount, provider "hostaccess":
Forbidden: not usable by user or serviceaccount, provider
"node-exporter": Forbidden: not usable by user or serviceaccount,
provider "privileged": Forbidden: not usable by user or serviceaccount]
```

ryanaslett commented 1 year ago

@redmikhail informed me that we probably should just remove the references to the `runAsUser` in these definitions so that they inherit the user range from the cluster. https://github.com/opendatahub-io-contrib/data-mesh-pattern/blob/main/gitops/argocd/cluster-dev/rainforest-ci-cd/fybrik-dev.yaml#L40-L52
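
An added example (not part of the issue thread or the project's code): a Python check that walks a manifest for hard-coded `runAsUser` values and reports those outside a namespace's UID range, the condition behind the error in this issue. It assumes the range is given in the `<start>/<size>` form of the `openshift.io/sa.scc.uid-range` namespace annotation; the sample manifest and its container names are constructed.

```python
"""Flag hard-coded runAsUser values outside a namespace's OpenShift UID range."""


def parse_uid_range(annotation):
    """Parse an 'openshift.io/sa.scc.uid-range' value such as
    '1000860000/10000' into an inclusive (low, high) pair."""
    start, size = (int(part) for part in annotation.split("/"))
    if size < 1:
        raise ValueError("range size must be positive")
    return start, start + size - 1


def find_run_as_user(node, path=""):
    """Yield (path, uid) for every securityContext.runAsUser in a manifest."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}" if path else key
            if key == "securityContext" and isinstance(value, dict):
                if "runAsUser" in value:
                    yield f"{child}.runAsUser", value["runAsUser"]
            yield from find_run_as_user(value, child)
    elif isinstance(node, list):
        for index, item in enumerate(node):
            yield from find_run_as_user(item, f"{path}[{index}]")


def out_of_range(manifest, annotation):
    """Return the runAsUser fields that fall outside the namespace range."""
    low, high = parse_uid_range(annotation)
    return [(p, uid) for p, uid in find_run_as_user(manifest)
            if not low <= uid <= high]


# Constructed sample: a pod template with the UID from the error message
# pinned on one init container and two containers (names are hypothetical).
PINNED = {"securityContext": {"runAsUser": 1000810000}}
SAMPLE = {"kind": "Deployment", "spec": {"template": {"spec": {
    "initContainers": [{"name": "init", **PINNED}],
    "containers": [{"name": "opa", **PINNED},
                   {"name": "sidecar", **PINNED},
                   {"name": "unpinned"}],  # no runAsUser: inherits the range
}}}}
# Range from the error message, written as the namespace annotation would be.
NAMESPACE_RANGE = "1000860000/10000"

if __name__ == "__main__":
    for field, uid in out_of_range(SAMPLE, NAMESPACE_RANGE):
        print(f"{field}: {uid} is outside the namespace UID range")
```

Containers without a pinned `runAsUser` are not reported, which matches the fix proposed in the thread: dropping the field lets the pod take a UID from the namespace's own range.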

avinashsingh77 commented 1 year ago

I agree with your suggestion, @ryanaslett. I will try this out during the current installation.

HeatherAck commented 1 year ago

@redmikhail have you given @jpaulrajredhat access?

HeatherAck commented 12 months ago

@jpaulrajredhat do you have any update?