[Doc]: Documentation doesn't cover anyuid requirement on OpenShift
DanieleVistalli opened this issue
Contact Details
Page(s) impacted
Deployment of DX on OpenShift environment
What is the issue?
Deploying to OpenShift needs some policy tweak of the OpenShift Project/Namespace where DX is deployed.
Specifically, we found that without the anyuid flag added to the:
- default service account of the namespace
- dx-runtime-controller service account created by the deployment
some services fail to start.
We used the following commands after performing the helm install operation:
oc adm policy add-scc-to-user anyuid system:serviceaccount:[project name]:default
oc adm policy add-scc-to-user anyuid system:serviceaccount:[project name]:[dx-deployment]-dx-runtime-controller-[dx-deployment]
Version
Kubernetes deployment - Helm charts
Just fyi .. I've added the following annotations to the namespace instead:
openshift.io/sa.scc.supplemental-groups: 1001/10000
and
openshift.io/sa.scc.uid-range: 1000/10000
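
To see which IDs the two range annotations in the comment above cover, the following added example (not part of the issue thread or of the product's own tooling) parses the start/size form and checks an ID against it. The function names are hypothetical, and only the start/size form shown on this page is handled.

```shell
#!/bin/sh
# Added example: interpret namespace range annotations written as
# "<start>/<size>", the form used in the comment above.

# block_bounds "<start>/<size>" -> prints "<first> <last>" (inclusive bounds)
block_bounds() {
    block=$1
    case $block in
        */*) ;;
        *) echo "unsupported block: $block" >&2; return 2 ;;
    esac
    start=${block%%/*}
    size=${block#*/}
    # Both parts must be non-empty decimal numbers, and the size non-zero.
    case $start in ''|*[!0-9]*) echo "bad start: $block" >&2; return 2 ;; esac
    case $size in ''|*[!0-9]*) echo "bad size: $block" >&2; return 2 ;; esac
    [ "$size" -gt 0 ] || { echo "empty block: $block" >&2; return 2; }
    echo "$start $((start + size - 1))"
}

# id_allowed "<start>/<size>" <id> -> exit 0 if the id lies inside the block
id_allowed() {
    bounds=$(block_bounds "$1") || return 2
    first=${bounds% *}
    last=${bounds#* }
    case $2 in ''|*[!0-9]*) return 2 ;; esac
    [ "$2" -ge "$first" ] && [ "$2" -le "$last" ]
}

# report <label> <block> <id> -> one line saying whether the id is covered
report() {
    if id_allowed "$2" "$3"; then
        echo "$1 $3: inside $2"
    else
        echo "$1 $3: outside $2"
    fi
}

# Annotation values copied from the comment above.
UID_RANGE="1000/10000"     # openshift.io/sa.scc.uid-range
SUPP_GROUPS="1001/10000"   # openshift.io/sa.scc.supplemental-groups

report uid "$UID_RANGE" 1000     # first UID of the block
report uid "$UID_RANGE" 0        # root is not part of this block
report gid "$SUPP_GROUPS" 1001   # first supplemental group of the block
```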