HCL-TECH-SOFTWARE / digital-experience

Next-generation documentation site for HCL Digital Experience.

[Doc]: Documentation doesn't cover anyuid requirement on OpenShift

DanieleVistalli opened this issue · comments

Contact Details

daniele.vistalli@factor-y.com

Page(s) impacted

Deployment of DX on OpenShift environment

What is the issue?

Deploying to OpenShift needs some policy tweak of the OpenShift Project/Namespace where DX is deployed.

Specifically we found that without the anyuid flag added to the:

  • default service account of the namespace
  • dx-runtime-controller service account created by the deployment

some services fail to start.

We used the following commands after performing the helm install operation:

oc adm policy add-scc-to-user anyuid system:serviceaccount:[project name]:default
oc adm policy add-scc-to-user anyuid system:serviceaccount:[project name]:[dx-deployment]-dx-runtime-controller-[dx-deployment]

Version

Kubernetes deployment - Helm charts

Just FYI, I've added the following annotations to the namespace instead:
openshift.io/sa.scc.supplemental-groups: 1001/10000
and
openshift.io/sa.scc.uid-range: 1000/10000
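
Added example (not part of the issue thread or the HCL documentation): a small script that reads annotation values like the ones quoted above and checks whether a numeric UID or GID falls inside the resulting range, which shows what a namespace-scoped range permits compared with granting anyuid. It assumes the block notation is `<start>/<size>` (with `<start>-<end>` and comma-separated lists also handled); the function names and the IDs tested are constructed for illustration.

```shell
#!/bin/sh
# Added example: read OpenShift namespace SCC range annotations.
# Assumed block notation: "<start>/<size>" or "<start>-<end>", comma-separated.

is_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print "MIN MAX" (inclusive) for one block; return 1 if it is malformed.
block_bounds() {
    case "$1" in
        */*) b_start=${1%%/*}; b_size=${1#*/}
             is_uint "$b_start" && is_uint "$b_size" && [ "$b_size" -gt 0 ] || return 1
             echo "$b_start $((b_start + b_size - 1))" ;;
        *-*) b_lo=${1%%-*}; b_hi=${1#*-}
             is_uint "$b_lo" && is_uint "$b_hi" && [ "$b_hi" -ge "$b_lo" ] || return 1
             echo "$b_lo $b_hi" ;;
        *)   return 1 ;;
    esac
}

# id_in_ranges ANNOTATION ID: 0 = inside, 1 = outside, 2 = malformed input.
id_in_ranges() {
    is_uint "$2" || return 2
    rest=$1
    while [ -n "$rest" ]; do
        block=${rest%%,*}
        case "$rest" in *,*) rest=${rest#*,} ;; *) rest= ;; esac
        bounds=$(block_bounds "$block") || return 2
        if [ "$2" -ge "${bounds% *}" ] && [ "$2" -le "${bounds#* }" ]; then
            return 0
        fi
    done
    return 1
}

# Annotation value from the comment above; the IDs tested are constructed.
UID_RANGE="1000/10000"
for id in 0 1000 10999 11000; do
    if id_in_ranges "$UID_RANGE" "$id"; then
        echo "uid $id: inside the namespace range $UID_RANGE"
    else
        echo "uid $id: outside $UID_RANGE (not admitted by a range-restricted SCC)"
    fi
done
```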