I am trying to install Artifactory OSS in an OpenShift cluster. I am using this Helm chart https://charts.jfrog.io/artifactory-oss-107.39.4.tgz (Warning: I am very new to OpenShift etc. I am on a steep learning curve.)
I am running the Helm chart as the OpenShift cluster-admin account.
However, I am getting this error:
pods "artifactory-artifactory-nginx-5c66b8c948-" is forbidden: unable to validate against any security context constraint: [provider "anyuid": Forbidden: not usable by user or serviceaccount, provider restricted: .spec.securityContext.fsGroup: Invalid value: []int64{107}: 107 is not an allowed group, spec.initContainers[0].securityContext.runAsUser: Invalid value: 104: must be in the ranges: [1000970000, 1000979999], spec.containers[0].securityContext.runAsUser: Invalid
I think it is an OpenShift permissions error, in that it requires a more permissive security constraint. However, given I am running as cluster-admin, I find that a little surprising.
Can anyone offer a suggestion how to resolve this issue and get artifactory-oss running in openshift?
Thanks in advance!
--
Tried passing some options to set the uid and gid.
I tried starting with this:
helm upgrade --install artifactory --set artifactory.uid=1001010042,artifactory.gid=1001010042,nginx.uid=1001010042,nginx.gid=1001010042,artifactory.masterKey=${MASTER_KEY},artifactory.joinKey=${JOIN_KEY},artifactory.postgresql.postgresqlPassword=$POSTGRES_PASSWORD --namespace artifactory jfrog/artifactory-oss
The options should have set the uids and gids, but I still got the error below. It seems the Helm chart ignores efforts to overwrite the values:
pods "artifactory-artifactory-nginx-5c66b8c948-" is forbidden: unable to validate against any security context constraint: [provider "anyuid": Forbidden: not usable by user or serviceaccount, provider restricted: .spec.securityContext.fsGroup: Invalid value: []int64{107}: 107 is not an allowed group, spec.initContainers[0].securityContext.runAsUser: Invalid value: 104: must be in the ranges: [1000930000, 1000939999], spec.containers[0].securityContext.runAsUser: Invalid
Regarding the JFrog Artifactory OSS Helm Chart, its documentation "Installing Artifactory" points out some prerequisites.
The point is: it depends on the exact command used to install the Helm Chart.
As illustrated here, the value for "runAsUser" and "fsGroup" in values.yaml can have an influence on the error message. See Managing security context constraints for more.
It looks like your error is not arising from the install itself, but from an OpenShift security "feature" that changes the permitted UID/GID range with each installation. More info is available here; personally I have found that it's usually possible to avoid the use of specific UIDs for services entirely by chmod-ing strategically, but perhaps that's not an option for you.
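The range check behind the denial quoted in the question, as an added example that is not part of the original thread or of the JFrog chart: it parses the second error message as posted, lists the IDs the pod spec still carried, and tests a candidate UID against the range the restricted SCC reported. The function names are hypothetical, and the parser assumes the message layout shown in the question.

```python
import re

# The second denial quoted in the question, truncated exactly as posted.
DENIAL = (
    'pods "artifactory-artifactory-nginx-5c66b8c948-" is forbidden: unable to '
    'validate against any security context constraint: [provider "anyuid": '
    'Forbidden: not usable by user or serviceaccount, provider restricted: '
    '.spec.securityContext.fsGroup: Invalid value: []int64{107}: 107 is not an '
    'allowed group, spec.initContainers[0].securityContext.runAsUser: Invalid '
    'value: 104: must be in the ranges: [1000930000, 1000939999], '
    'spec.containers[0].securityContext.runAsUser: Invalid'
)

# One "<field>: Invalid value: <id>: <reason>" entry per rejected field.
VIOLATION = re.compile(
    r'\.?(spec\.[\w.\[\]]+): Invalid value: (?:\[\]int64\{)?(\d+)\}?: '
    r'(.*?)(?=, \.?spec\.|$)'
)
RANGE = re.compile(r'\[(\d+), (\d+)\]')


def parse_denial(message):
    """Return (field, rejected_id, reason) for each complete violation."""
    return [(m.group(1), int(m.group(2)), m.group(3).strip())
            for m in VIOLATION.finditer(message)]


def allowed_range(message):
    """Return the (low, high) ID range quoted by the SCC, or None."""
    m = RANGE.search(message)
    return (int(m.group(1)), int(m.group(2))) if m else None


def uid_allowed(uid, message):
    """True only if uid falls inside the range the denial reports."""
    rng = allowed_range(message)
    return rng is not None and rng[0] <= uid <= rng[1]


if __name__ == "__main__":
    for field, value, reason in parse_denial(DENIAL):
        print(f"{field}: {value} rejected ({reason})")
    # 1001010042 is the ID passed with --set in the question.
    print("1001010042 allowed:", uid_allowed(1001010042, DENIAL))
```

The rejected IDs are still 104 and 107 rather than the value passed with --set, and that value would itself fall outside the reported range. The range OpenShift assigned to a project is also recorded on the namespace in the openshift.io/sa.scc.uid-range annotation.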