Pods can't be started on OCP 3.x clusters with default configuration #41
Assignees
Labels
Projects
Milestone
Comments
ricardozanini
added
bug 🐛
|
The reason of this BUG is that OCP 3.11 has a default SCC that prevents userID with low numbers, such as 200 (the one Nexus uses). To fix this, a custom SCC must be created in the namespace. See: https://docs.openshift.com/container-platform/3.11/install_config/persistent_storage/pod_security_context.html We will document and add a SCC example to the project to help administrators have the operator working on OCP 3.11 clusters. |
|
Pushing to 0.2.0, if we have the time by the end of the milestone we should include this one. |
LCaparelli
added a commit
to LCaparelli/nexus-operator
that referenced
this issue
May 7, 2020
Make Deployments use the ServiceAccount informed in `nexus.spec.serviceAccountName`. If none is informed the default SA created by the operator-sdk in `deploy/`is used. Assumes the default account has not been deleted, the Deployment will trigger an event otherwise. Fix m88i#41 by adding SCCs which can be used by the cluster admin and documenting their use. Signed-off-by: Lucas Caparelli <lucas.caparelli112@gmail.com>
LCaparelli
added a commit
to LCaparelli/nexus-operator
that referenced
this issue
May 7, 2020
Make Deployments use the ServiceAccount informed in `nexus.spec.serviceAccountName`. If none is informed the default SA created by the operator-sdk in `deploy/`is used. Assumes the default account has not been deleted, the Deployment will trigger an event otherwise. Fix m88i#41 by adding SCCs which can be used by the cluster admin and documenting their use. Signed-off-by: Lucas Caparelli <lucas.caparelli112@gmail.com>
LCaparelli
added a commit
to LCaparelli/nexus-operator
that referenced
this issue
May 8, 2020
Create default RBAC resources for use by the Operator. Make Deployments use the ServiceAccount informed in `nexus.spec.serviceAccountName`. If none is informed the default SA created by the Operator is used. Fix m88i#41 by adding SCCs which can be used by the cluster admin and documenting their use. Signed-off-by: Lucas Caparelli <lucas.caparelli112@gmail.com>
LCaparelli
added a commit
to LCaparelli/nexus-operator
that referenced
this issue
May 8, 2020
Create default RBAC resources for use by the Operator. Make Deployments use the ServiceAccount informed in `nexus.spec.serviceAccountName`. If none is informed the default SA created by the Operator is used. Fix m88i#41 by adding SCCs which can be used by the cluster admin and documenting their use. Signed-off-by: Lucas Caparelli <lucas.caparelli112@gmail.com>
LCaparelli
added a commit
to LCaparelli/nexus-operator
that referenced
this issue
May 8, 2020
Create default RBAC resources for use by the Operator. Make Deployments use the ServiceAccount informed in `nexus.spec.serviceAccountName`. If none is informed the default SA created by the Operator is used. Fix m88i#41 by adding SCCs which can be used by the cluster admin and documenting their use. Signed-off-by: Lucas Caparelli <lucas.caparelli112@gmail.com>
LCaparelli
added a commit
to LCaparelli/nexus-operator
that referenced
this issue
May 9, 2020
Create default RBAC resources for use by the Operator. Make Deployments use the ServiceAccount informed in `nexus.spec.serviceAccountName`. If none is informed the default SA created by the Operator is used. Fix m88i#41 by adding SCCs which can be used by the cluster admin and documenting their use. Signed-off-by: Lucas Caparelli <lucas.caparelli112@gmail.com>
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When attempting to deploy to an OCP 3.x cluster the following error pops up:
As Nexus must run using this UID the cluster administrator needs to create a scc to work around this. It would be nice if we could supply this scc and have this documented.
The text was updated successfully, but these errors were encountered: