Comments (6)
hi @coderDem did you try to install this helm chart outside Terraform with --debug
? There's nothing in it that would deal with SCC which is OpenShift API resource, and I struggle to understand why in your case Helm chart wants to get SCC which is a cluster-wide (non-namespaces resource).
With that being said, I'd like to kindly remind you about support boundaries for the Terraform project and that OpenShift isn't among officially supported platforms.
from data-center-helm-charts.
Hello @bianchi2
thank you for your fast response.
We could deploy the helm chart by hand on our cluster see here:
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
nfs-server tfdp-tf-one 1 2022-07-19 09:55:27.4377295 +0200 CEST deployed nfs-server-0.2.0 2.0
postgresql tfdp-tf-one 1 2022-07-15 14:17:33.027522 +0200 CEST deployed postgresql-11.6.16 14.4.0
vaultatruvia tfdp-tf-one 1 2022-07-13 17:38:39.274439597 +0200 CEST deployed vault-0.18.0 1.9.0
But we still get the error. We don't know why the helmchart provider from Atlassian tries to get access to cluster-wide SecuityConstraintsContext objects ... and doesnt even seem to pass on the namespace name to the helm chart it is supposed to be deployed to, we have sent a request on the linked slack channel on the atlassian website for the tf deployment script for datacenter#server Atlassian products and are keeping our fingers crossed for a fast response xD
from data-center-helm-charts.
@coderDem there are no SCCs in NFS Helm chart templates. Can you confirm you haven't modified templates to add SCC objects to solve some permission issues on OpenShift (i.e. you are using Helm chart as is?)?
Iād probably enable debug mode for Helm provider https://registry.terraform.io/providers/hashicorp/helm/latest/docs#argument-reference in here https://github.com/atlassian-labs/data-center-terraform/blob/b16ecd5a47d31c8f6f9600e156c470cf352bb64f/providers.tf#L21
What I expect then is helm printing what exact resource already exists and this will shed some light on the issue and further debugging
from data-center-helm-charts.
Hello @bianchi2
thank you for your reply. We are now know we need get a SecurityObject for our user and get the possibility to bind it,
to start the nfs server.
from data-center-helm-charts.
I suspect it's related to allowing anyuid since nfs server won't start as a user with a 1000008something uid (a range is per namespace)? Other than that I do not see anything in NFS stateful set that would prevent it from starting in OpenShift (not privileged, no host volume mounts, no direct volume mounts etc)
from data-center-helm-charts.
Hello @bianchi2
we are now not using the NFS anymore and using: PersistentVolumeClaims for this.
So I will close this issue.
from data-center-helm-charts.
Related Issues (20)
- [Suggestion] - Add resource requests and limits for init-containers HOT 1
- [Breaking - Changes] - podAnnotations don't support Datadog labels anymore HOT 5
- [Suggestion] - Handling database and/or storage recovery HOT 1
- [Suggestion] - Flag to remove setup ingress in Confluence helm chart HOT 3
- [Suggestion] - monitoring.jmxExporterCustomConfig does not work if exposeJmxMetrics is set to true HOT 1
- [Suggestion] - Security Vulnerabilities on v8.5.2 and Helm Chart Doesn't Support v8.5.3 HOT 3
- [Suggestion] - Support Kubernetes StatefulSetStartOrdinal feature gate .spec.ordinals.start HOT 5
- [Suggestion] - Upgrade to Fluentbit HOT 2
- [Suggestion] - BlockList additions to Confluence JMX Exporter config HOT 8
- [Suggestion] - Don't assign pod annotations to test pods HOT 4
- [Suggestion] - internalProxies line should be removed when there is no proxyInternalIps value in tomcatConfig HOT 9
- [Suggestion] - Make examples in the Bitbucket DC Chart more clear HOT 3
- [Suggestion] - Remove confluence shared home from synchrony volumes when creating a dedicated synchrony volume HOT 1
- [Suggestion] - Use different labels for jmx-exporter service HOT 15
- Installation problem after license HOT 3
- [Suggestion] - Use image from values.yaml for all tests containers images HOT 4
- [Suggestion] - Shared home should not be removed from synchrony [revert request for #745] HOT 2
- [Suggestion] - Add chmod to import-cert init-container script when running as non-root HOT 2
- [Suggestion] Enable HTTPS connection to the Bamboo server HOT 2
- [Suggestion] - Defining tomcatconfig.proxyName should override ingress.host HOT 10
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
š Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ššš
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ā¤ļø Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from data-center-helm-charts.