Redis Master/Replica will not start on OpenShift 4.x #13

@p1-bot-repo-sync

Bug

Description

I'm currently trying to deploy ArgoCD on an OpenShift 4.17 cluster. The redis-bb master/replica pods will not start due to permissions issues.

It looks like there's an issue with OpenShift's SCC defaults, which assign a random UID/GID for the container user. The containerSecurityContext values for master and replica are not being passed to the deployed StatefulSet:

    spec:
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - podAffinityTerm:
              labelSelector:
                matchLabels:
                  app.kubernetes.io/component: master
                  app.kubernetes.io/instance: argocd-argocd
                  app.kubernetes.io/name: redis-bb
              topologyKey: kubernetes.io/hostname
            weight: 1
      automountServiceAccountToken: false
      containers:
      - args:
        - -c
        - /opt/bitnami/scripts/start-scripts/start-master.sh
        command:
        - /bin/bash
      .
      .
      .
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          seccompProfile:
            type: RuntimeDefault

Here's the pertinent section in my values.yaml:

    addons:
      argocd:
        enabled: true
        values:
          openshift:
            enabled: true

Redis container logs show the startup script invoking the redis-server binary, but getting a "not found" error:

    uid=1000780000(1000780000) gid=0(root) groups=0(root),1000780000
    /opt/bitnami/scripts/start-scripts/start-master.sh: line 14: exec: redis-server: not found

NOTE: I modified the argocd-argocd-redis-bb-scripts ConfigMap to also run id for debugging purposes.

The directory where redis-server resides requires UID or GID of 1001 to r/x:

    [redis@4da5862373af ~]$ ls -la /opt/bitnami |grep redis
    drwxr-x--- 6 redis redis 4096 Dec  9 23:53 redis
    [redis@4da5862373af ~]$ cat /etc/passwd |grep redis
    redis:x:1001:1001::/home/redis:/sbin/nologin

But currently, the user has a UID/GID that cannot execute the binary.

BigBang Version

2.47.0
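
The permission arithmetic behind the report above, as an added example that is not part of the original issue or of the chart's code: it walks the path to redis-server and reports the first component the SCC-assigned identity cannot search. The directory mode and owner for /opt/bitnami/redis and the `id` values come from the issue; the other path entries, their modes and the bin/ location are assumptions, and capability overrides are ignored because the container drops ALL capabilities.

```python
import stat

# (path, mode, owner_uid, owner_gid). Only /opt/bitnami/redis is taken from the
# issue (drwxr-x---, redis:redis = 1001:1001); the other rows are assumed values.
PATH_ENTRIES = [
    ("/opt", 0o040755, 0, 0),
    ("/opt/bitnami", 0o040755, 0, 0),
    ("/opt/bitnami/redis", 0o040750, 1001, 1001),
    ("/opt/bitnami/redis/bin", 0o040755, 1001, 1001),
    ("/opt/bitnami/redis/bin/redis-server", 0o100755, 1001, 1001),
]

# Identity from the issue's `id` output: uid=1000780000 gid=0 groups=0,1000780000
SCC_UID = 1000780000
SCC_GIDS = {0, 1000780000}


def has_exec(mode, owner_uid, owner_gid, uid, gids):
    """POSIX class selection: exactly one of owner/group/other applies,
    and the first matching class wins even if a later class is more permissive."""
    if uid == owner_uid:
        return bool(mode & stat.S_IXUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IXGRP)
    return bool(mode & stat.S_IXOTH)


def first_blocked(entries, uid, gids):
    """Return the first path component the identity cannot search or execute,
    or None if every component is reachable."""
    for path, mode, owner_uid, owner_gid in entries:
        if not has_exec(mode, owner_uid, owner_gid, uid, gids):
            return path
    return None


def report():
    """Evaluate the deployed identity and two identities that carry 1001."""
    cases = {
        "as deployed (random UID, GID 0)": (SCC_UID, SCC_GIDS),
        "same UID plus supplemental group 1001": (SCC_UID, SCC_GIDS | {1001}),
        "UID 1001, GID 0": (1001, {0}),
    }
    return {name: first_blocked(PATH_ENTRIES, u, g) for name, (u, g) in cases.items()}


if __name__ == "__main__":
    for name, blocked in report().items():
        print(f"{name}: {'blocked at ' + blocked if blocked else 'redis-server reachable'}")
```

With the identity from the log, the walk stops at /opt/bitnami/redis: the process falls into the "other" class, which has no search bit, so the shell's lookup of redis-server cannot enter the directory.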
