Open a-dawg opened 3 years ago
this issue is related to puppet/puppetserver not being openshift compatible.
@a-dawg Gotcha! Thanks for bringing this up! 💯
Will be added in the next month or two.
CC: @underscorgan @Iristyle @slconley @scottcressi @mwaggett @nwolfe @adrienthebo @dhollinger @raphink @binford2k
@a-dawg FTR we're using puppet/puppetserver
on OpenShift, but we do not use the entrypoint scripts. See https://github.com/camptocamp/charts/blob/master/puppetserver/templates/deployment.yaml#L54-L72
@raphink Please feel absolutely free to start the work on adding the OpenShift support to the chart - will be very appreciated. 🥇
P.S. https://github.com/puppetlabs/puppetserver-helm-chart/pull/66 should help the chart to meet some of your earlier requirements.
I just had a chance to deploy Puppet on Openshift 4.5 today and discovered 3 steps need to do to make it works on Openshift.
Run command oc adm policy add-scc-to-user privileged -z default -n puppet-server
to add "priviledge" SCC to user "default". Please note that the "priviledge" SCC is the most relax security so be careful to use it.
Ref: https://www.openshift.com/blog/managing-sccs-in-openshift
Add "securityContext" to "puppetserver" container, this need to modify the Helm template puppetserver-deployment-masters.yaml.
securityContext:
runAsUser: 0
runAsNonRoot: false
privileged: true
The same "securityContext" will need to be added to "puppetdb" and "puppetboard" containers in the puppetdb-deployment.yaml as well.
Thanks for the proposition, @a-dawg @pjamenaja! Please feel free to send our way a PR - I'll be happy to review and merge it, afterwards. 🙇♂️
Describe the Bug
I am not able to run the chart on openshift 4.5 I am getting in the puppetserver logs
Expected Behavior
should not be killed
Environment
openshift 4.5
Additional Context
I have tried the commands below with no luck