Pods can't be started on OCP 3.x clusters with default configuration #41
Assignees
Labels
Milestone
Comments
ricardozanini
added
bug 🐛
|
The reason of this BUG is that OCP 3.11 has a default SCC that prevents userID with low numbers, such as 200 (the one Nexus uses). To fix this, a custom SCC must be created in the namespace. See: https://docs.openshift.com/container-platform/3.11/install_config/persistent_storage/pod_security_context.html We will document and add a SCC example to the project to help administrators have the operator working on OCP 3.11 clusters. |
|
Pushing to 0.2.0, if we have the time by the end of the milestone we should include this one. |
LCaparelli
added a commit
to LCaparelli/nexus-operator
that referenced
this issue
May 7, 2020
Make Deployments use the ServiceAccount informed in `nexus.spec.serviceAccountName`. If none is informed the default SA created by the operator-sdk in `deploy/`is used. Assumes the default account has not been deleted, the Deployment will trigger an event otherwise. Fix m88i#41 by adding SCCs which can be used by the cluster admin and documenting their use. Signed-off-by: Lucas Caparelli <lucas.caparelli112@gmail.com>
LCaparelli
added a commit
to LCaparelli/nexus-operator
that referenced
this issue
May 7, 2020
Make Deployments use the ServiceAccount informed in `nexus.spec.serviceAccountName`. If none is informed the default SA created by the operator-sdk in `deploy/`is used. Assumes the default account has not been deleted, the Deployment will trigger an event otherwise. Fix m88i#41 by adding SCCs which can be used by the cluster admin and documenting their use. Signed-off-by: Lucas Caparelli <lucas.caparelli112@gmail.com>
LCaparelli
added a commit
to LCaparelli/nexus-operator
that referenced
this issue
May 8, 2020
Create default RBAC resources for use by the Operator. Make Deployments use the ServiceAccount informed in `nexus.spec.serviceAccountName`. If none is informed the default SA created by the Operator is used. Fix m88i#41 by adding SCCs which can be used by the cluster admin and documenting their use. Signed-off-by: Lucas Caparelli <lucas.caparelli112@gmail.com>
LCaparelli
added a commit
to LCaparelli/nexus-operator
that referenced
this issue
May 8, 2020
Create default RBAC resources for use by the Operator. Make Deployments use the ServiceAccount informed in `nexus.spec.serviceAccountName`. If none is informed the default SA created by the Operator is used. Fix m88i#41 by adding SCCs which can be used by the cluster admin and documenting their use. Signed-off-by: Lucas Caparelli <lucas.caparelli112@gmail.com>
LCaparelli
added a commit
to LCaparelli/nexus-operator
that referenced
this issue
May 8, 2020
Create default RBAC resources for use by the Operator. Make Deployments use the ServiceAccount informed in `nexus.spec.serviceAccountName`. If none is informed the default SA created by the Operator is used. Fix m88i#41 by adding SCCs which can be used by the cluster admin and documenting their use. Signed-off-by: Lucas Caparelli <lucas.caparelli112@gmail.com>
LCaparelli
added a commit
to LCaparelli/nexus-operator
that referenced
this issue
May 9, 2020
Create default RBAC resources for use by the Operator. Make Deployments use the ServiceAccount informed in `nexus.spec.serviceAccountName`. If none is informed the default SA created by the Operator is used. Fix m88i#41 by adding SCCs which can be used by the cluster admin and documenting their use. Signed-off-by: Lucas Caparelli <lucas.caparelli112@gmail.com>
Merged
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
When attempting to deploy to an OCP 3.x cluster the following error pops up:
As Nexus must run using this UID the cluster administrator needs to create a scc to work around this. It would be nice if we could supply this scc and have this documented.
The text was updated successfully, but these errors were encountered: