Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🐛 [bug] - Issue with fybrik-dev installing opa et.al #79

Open
ryanaslett opened this issue Jul 24, 2023 · 4 comments
Open

🐛 [bug] - Issue with fybrik-dev installing opa et.al #79

ryanaslett opened this issue Jul 24, 2023 · 4 comments
Assignees
@jpaulrajredhat @avinashsingh77
Labels
kind/bug Something isn't working

Comments

@ryanaslett
Copy link

📝 Description

[... of the issue you're seeing in the content / tech demo exercises]
During the Supply chain Builds step it has us create our argocd app of apps.

Problem is that when we run it
(

data-mesh-pattern/gitops/argocd/cluster-dev/rainforest-ci-cd/fybrik-dev.yaml

Line 40 in 699ce55

runAsUser: 1000810000
)

we get an error with the security context not matching any constraints:

    ```pods "opa-5867777fb9-" is forbidden: unable to validate against any
    security context constraint: [provider "anyuid": Forbidden: not usable
    by user or serviceaccount, provider "pipelines-scc": Forbidden: not
    usable by user or serviceaccount,
    spec.initContainers[0].securityContext.runAsUser: Invalid value:
    1000810000: must be in the ranges: [1000860000, 1000869999],
    spec.containers[0].securityContext.runAsUser: Invalid value: 1000810000:
    must be in the ranges: [1000860000, 1000869999],
    spec.containers[1].securityContext.runAsUser: Invalid value: 1000810000:
    must be in the ranges: [1000860000, 1000869999], provider "restricted":
    Forbidden: not usable by user or serviceaccount, provider
    "container-build": Forbidden: not usable by user or serviceaccount,
    provider "nonroot-v2": Forbidden: not usable by user or serviceaccount,
    provider "nonroot": Forbidden: not usable by user or serviceaccount,
    provider "hostmount-anyuid": Forbidden: not usable by user or
    serviceaccount, provider "machine-api-termination-handler": Forbidden:
    not usable by user or serviceaccount, provider "hostnetwork-v2":
    Forbidden: not usable by user or serviceaccount, provider "hostnetwork":
    Forbidden: not usable by user or serviceaccount, provider "hostaccess":
    Forbidden: not usable by user or serviceaccount, provider
    "node-exporter": Forbidden: not usable by user or serviceaccount,
    provider "privileged": Forbidden: not usable by user or serviceaccount]```
@ryanaslett ryanaslett mentioned this issue Jul 25, 2023
Open
@caldeirav caldeirav added the kind/bug Something isn't working label Jul 25, 2023
@ryanaslett
Copy link
Author

@redmikhail informed me that we probably should just remove the references to the runasuser in these definitions so that they inherit the user range from the cluster. https://github.com/opendatahub-io-contrib/data-mesh-pattern/blob/main/gitops/argocd/cluster-dev/rainforest-ci-cd/fybrik-dev.yaml#L40-L52

@avinashsingh77
Copy link
Collaborator

I agree on your suggestion @ryanaslett . I will try this out during the current installation.

@HeatherAck HeatherAck mentioned this issue Aug 21, 2023
Open
@HeatherAck
Copy link

@redmikhail have you given @jpaulrajredhat access?

@HeatherAck
Copy link

@jpaulrajredhat do you have any update?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jpaulrajredhat jpaulrajredhat

@avinashsingh77 avinashsingh77

Labels
kind/bug Something isn't working
Projects
No open projects
Data Mesh Pattern Backlog
Status: 📋 Backlog
Milestone
No milestone
Development

No branches or pull requests
5 participants
@ryanaslett @caldeirav @jpaulrajredhat @HeatherAck @avinashsingh77