microcks-ansible-operator

openshift 4.13 - mongodb scc issue

Open inzagod opened this issue 1 year ago • 0 comments

Describe the bug

Hi all, I want to do a fresh install of the Microcks operator on my OpenShift 4.13 cluster, but I have an SCC MongoDB issue!

oc logs my-microcksinstall-mongodb-6db9745d95-bjjgj
2024-09-11T09:19:45.964236742Z chown: changing ownership of '/proc/1/fd/1': Permission denied
2024-09-11T09:19:45.964403149Z chown: changing ownership of '/proc/1/fd/2': Permission denied
2024-09-11T09:19:45.992234071Z warning: initdb logs cannot write to '/proc/1/fd/1', so they are in '/var/lib/mongodb/data/docker-initdb.log' instead
2024-09-11T09:19:46.024305564Z about to fork child process, waiting until server is ready for connections.
2024-09-11T09:19:46.025472733Z forked process: 27
2024-09-11T09:19:46.026814392Z ERROR: child process failed, exited with 1
2024-09-11T09:19:46.026814392Z To see additional information in this output, start without the "--fork" option.

I have another cluster on 4.14, and after a fresh install I have no issue there, so I compared both.

I saw in the two MongoDB pods (the dev cluster, which is OK, and the prd cluster, which fails) that there is a difference in the SCC:

DEV CLUSTER :

      drop:
        - ALL
    privileged: false
    runAsUser: 1000860000
    runAsNonRoot: true
    allowPrivilegeEscalation: false

PRD CLUSTER :

      drop:
        - MKNOD
    privileged: false

But if I compare the deployments or replicasets, I don't see any differences in the securityContext. I don't understand where this SCC is set.

I saw a difference in the annotations, but I don't know where it comes from.

DEV :

bash-4.4 ~ $ oc get pod my-microcksinstall-mongodb-64f5db9fff-9j87k -n microcks -o=jsonpath='{.metadata.annotations}'
{"k8s.v1.cni.cncf.io/network-status":"[{\n "name": "openshift-sdn",\n "interface": "eth0",\n "ips": [\n "10.244.9.243"\n ],\n "default": true,\n "dns": {}\n}]","openshift.io/scc":"restricted-v2","seccomp.security.alpha.kubernetes.io/pod":"runtime/default"}

PRD :

bash-4.4 ~ $ oc get pod my-microcksinstall-mongodb-6db9745d95-bjjgj -n microcks -o=jsonpath='{.metadata.annotations}'
{"k8s.v1.cni.cncf.io/network-status":"[{\n "name": "openshift-sdn",\n "interface": "eth0",\n "ips": [\n "10.243.15.46"\n ],\n "default": true,\n "dns": {}\n}]","openshift.io/scc":"anyuid"}

I opened a Red Hat case; they saw the SCC difference too, but they cannot tell me where it is set!!!! Can you tell me where I can set this SCC difference, or why I have this issue?

thanks a lot for your help

ludo

Expected behavior

The MongoDB pod starts fine, without CrashLoopBackOff.

Actual behavior

CrashLoopBackOff with error message:

2024-09-11T09:19:45.964236742Z chown: changing ownership of '/proc/1/fd/1': Permission denied
2024-09-11T09:19:45.964403149Z chown: changing ownership of '/proc/1/fd/2': Permission denied
2024-09-11T09:19:45.992234071Z warning: initdb logs cannot write to '/proc/1/fd/1', so they are in '/var/lib/mongodb/data/docker-initdb.log' instead
2024-09-11T09:19:46.024305564Z about to fork child process, waiting until server is ready for connections.
2024-09-11T09:19:46.025472733Z forked process: 27
2024-09-11T09:19:46.026814392Z ERROR: child process failed, exited with 1
2024-09-11T09:19:46.026814392Z To see additional information in this output, start without the "--fork" option.

How to Reproduce?

install the operator from scratch

Microcks version or git rev

1.10

Install method (docker-compose, helm chart, operator, docker-desktop extension,...)

openshift operator

Additional information

No response

inzagod, Sep 16 '24 07:09
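
The comparison made by hand in the issue above, as an added Python example that is not part of the original post or the Microcks project: it flattens the SCC annotation and container securityContext of two pod manifests (as produced by `oc get pod -o json`) and reports only the fields that differ. The embedded sample pods are constructed from the fragments quoted in the issue; the container name `mongodb` and service account `default` are assumptions.

```python
import json
import sys

SCC_ANNOTATION = "openshift.io/scc"  # written on the pod by SCC admission
FIELDS = ("runAsUser", "runAsNonRoot", "privileged", "allowPrivilegeEscalation")

def scc_view(pod):
    """Flatten the admission-relevant fields of one pod manifest."""
    view = {
        "scc": pod["metadata"].get("annotations", {}).get(SCC_ANNOTATION),
        "serviceAccount": pod["spec"].get("serviceAccountName", "default"),
    }
    for c in pod["spec"]["containers"]:
        sc = c.get("securityContext", {})
        for field in FIELDS:
            view[f"{c['name']}.{field}"] = sc.get(field)
        drop = sc.get("capabilities", {}).get("drop", [])
        view[f"{c['name']}.capabilities.drop"] = sorted(drop)
    return view

def diff_views(a, b):
    """Return {key: (a_value, b_value)} for every key whose values differ."""
    keys = sorted(set(a) | set(b))
    return {k: (a.get(k), b.get(k)) for k in keys if a.get(k) != b.get(k)}

def make_pod(scc, security_context):
    # Constructed sample; container and service account names are assumed.
    return {
        "metadata": {"annotations": {SCC_ANNOTATION: scc}},
        "spec": {"serviceAccountName": "default",
                 "containers": [{"name": "mongodb",
                                 "securityContext": security_context}]},
    }

DEV = make_pod("restricted-v2", {
    "capabilities": {"drop": ["ALL"]}, "privileged": False,
    "runAsUser": 1000860000, "runAsNonRoot": True,
    "allowPrivilegeEscalation": False})
PRD = make_pod("anyuid", {"capabilities": {"drop": ["MKNOD"]},
                          "privileged": False})

if __name__ == "__main__":
    # With two file arguments, compare saved `oc get pod -o json` outputs.
    if len(sys.argv) == 3:
        DEV, PRD = (json.load(open(p)) for p in sys.argv[1:3])
    for key, (dev, prd) in diff_views(scc_view(DEV), scc_view(PRD)).items():
        print(f"{key}: dev={dev!r} prd={prd!r}")
```

The annotation and the filled-in securityContext are written onto the pod at admission time, which is why they differ on the pods while the Deployment and ReplicaSet specs look identical.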