The SecurityContext in deck deployment results in the deck container crashing
nimakaviani opened this issue · comments
Looks like the new securityContext introduced for a deck deployment here breaks it for me. I got the following error when trying to deploy deck and had to disable the security context for it to work. thoughts?
cp: cannot create regular file 'spinnaker.conf': Permission denied
sed: can't read spinnaker.conf: No such file or directory
sed: can't read spinnaker.conf: No such file or directory
sed: can't read spinnaker.conf: No such file or directory
mv: cannot stat 'spinnaker.conf': No such file or directory
ERROR: Site spinnaker does not exist!
Could not remove /etc/apache2/sites-enabled/000-default.conf: Permission denied
cp: cannot create regular file 'ports.conf': Permission denied
sed: can't read ports.conf: No such file or directory
sed: can't read ports.conf: No such file or directory
mv: cannot stat 'ports.conf': No such file or directory
cp: cannot create regular file 'passphrase': Permission denied
sed: can't read passphrase: No such file or directory
chmod: cannot access 'passphrase': No such file or directory
mv: cannot stat 'passphrase': No such file or directory
cp: cannot create regular file '/opt/deck/html/settings.js': Permission denied
chown: changing ownership of '/var/lock/apache2.g9wrlkWKEk': Operation not permitted```
@nimakaviani thanks for reporting this; I'll remove Deck's security context and tag a new kustomization-base release. Deck's Dockerfile was non-trivial to update to use the same 10111 UID as the rest of the microservices, so we decided to leave it as-is for now. I should have just reverted the security context block added to Deck when I made this commit updating the rest of the microservices to use the new UID.