[
https://issues.apache.org/jira/browse/SUBMARINE-1229?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
cdmikechen updated SUBMARINE-1229:
----------------------------------
Description:
Minio initContainer pod always shows that it cannot end correctly. I've seen
the log in the pod and found the following errors:
{code}
mc: <ERROR> Unable to save new mc config. mkdir /.mc: permission denied.
mc: <ERROR> Unable to save new mc config. mkdir /.mc: permission denied.
mc: <ERROR> Unable to save new mc config. mkdir /.mc: permission denied.
mc: <ERROR> Unable to save new mc config. mkdir /.mc: permission denied.
mc: <ERROR> Unable to save new mc config. mkdir /.mc: permission denied.
mc: <ERROR> Unable to save new mc config. mkdir /.mc: permission denied.
mc: <ERROR> Unable to save new mc config. mkdir /.mc: permission denied.
mc: <ERROR> Unable to save new mc config. mkdir /.mc: permission denied.
mc: <ERROR> Unable to save new mc config. mkdir /.mc: permission denied.
mc: <ERROR> Unable to save new mc config. mkdir /.mc: permission denied.
mc: <ERROR> Unable to save new mc config. mkdir /.mc: permission denied.
mc: <ERROR> Unable to save new mc config. mkdir /.mc: permission denied.
mc: <ERROR> Unable to save new mc config. mkdir /.mc: permission denied.
{code}
I checked the resource YAML and found that OpenShift adds a *runAsUser* to the
deployment:
{code}
initContainers:
  - resources: {}
    terminationMessagePath: /dev/termination-log
    name: submarine-server-initcontainer
    command:
      - /bin/bash
      - '-c'
      - >-
        cnt=0; while ! /bin/bash -c 'mc config host add minio
        http://submarine-minio-service:9000 submarine_minio submarine_minio'
        2>&1; do sleep 15; ((cnt=cnt+1)); if [ $cnt -eq 80 ];then echo 'ERROR:
        wait too long for minio pod'; exit 1; fi; done; if /bin/bash -c 'mc ls
        minio/submarine' >/dev/null 2>&1; then echo 'Bucket minio/submarine
        already exists, skipping creation.'; else /bin/bash -c 'mc mb
        minio/submarine'; fi;
    securityContext:
      capabilities:
        drop:
          - KILL
          - MKNOD
          - SETGID
          - SETUID
      runAsUser: 1000790000
    imagePullPolicy: Always
    volumeMounts:
      - name: submarine-server-token-bnj4d
        readOnly: true
        mountPath: /var/run/secrets/kubernetes.io/serviceaccount
    terminationMessagePolicy: File
    image: 'minio/mc'
{code}
OpenShift will add *runAsUser* with a custom UID under *securityContext* when
we haven't added *RunAsAny* to the service account.
was:
Minio initContainer pod always shows that it cannot end correctly. I've seen
the log in the pod and found the following errors:
{code}
mc: <ERROR> Unable to save new mc config. mkdir /.mc: permission denied.
mc: <ERROR> Unable to save new mc config. mkdir /.mc: permission denied.
mc: <ERROR> Unable to save new mc config. mkdir /.mc: permission denied.
mc: <ERROR> Unable to save new mc config. mkdir /.mc: permission denied.
mc: <ERROR> Unable to save new mc config. mkdir /.mc: permission denied.
mc: <ERROR> Unable to save new mc config. mkdir /.mc: permission denied.
mc: <ERROR> Unable to save new mc config. mkdir /.mc: permission denied.
mc: <ERROR> Unable to save new mc config. mkdir /.mc: permission denied.
mc: <ERROR> Unable to save new mc config. mkdir /.mc: permission denied.
mc: <ERROR> Unable to save new mc config. mkdir /.mc: permission denied.
mc: <ERROR> Unable to save new mc config. mkdir /.mc: permission denied.
mc: <ERROR> Unable to save new mc config. mkdir /.mc: permission denied.
mc: <ERROR> Unable to save new mc config. mkdir /.mc: permission denied.
{code}
I checked the resource YAML and found that OpenShift adds a *runAsUser* to the
deployment:
{code}
initContainers:
  - resources: {}
    terminationMessagePath: /dev/termination-log
    name: submarine-server-initcontainer
    command:
      - /bin/bash
      - '-c'
      - >-
        cnt=0; while ! /bin/bash -c 'mc config host add minio
        http://submarine-minio-service:9000 submarine_minio submarine_minio'
        2>&1; do sleep 15; ((cnt=cnt+1)); if [ $cnt -eq 80 ];then echo 'ERROR:
        wait too long for minio pod'; exit 1; fi; done; if /bin/bash -c 'mc ls
        minio/submarine' >/dev/null 2>&1; then echo 'Bucket minio/submarine
        already exists, skipping creation.'; else /bin/bash -c 'mc mb
        minio/submarine'; fi;
    securityContext:
      capabilities:
        drop:
          - KILL
          - MKNOD
          - SETGID
          - SETUID
      runAsUser: 1000790000
    imagePullPolicy: Always
    volumeMounts:
      - name: submarine-server-token-bnj4d
        readOnly: true
        mountPath: /var/run/secrets/kubernetes.io/serviceaccount
    terminationMessagePolicy: File
    image:
      'syharbor.sypesco.com:5000/platform/minio/mc:RELEASE.2021-12-29T06-52-55Z'
{code}
OpenShift will add *runAsUser* with a custom UID under *securityContext* when
we haven't added *RunAsAny* to the service account.
> Minio initContainer pod (mlflow and server) not working properly in openshift
> -----------------------------------------------------------------------------
>
> Key: SUBMARINE-1229
> URL: https://issues.apache.org/jira/browse/SUBMARINE-1229
> Project: Apache Submarine
> Issue Type: Bug
> Components: Cloud-native Deployment
> Reporter: cdmikechen
> Priority: Major
> Fix For: 0.7.0
>
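Added example, not part of the issue or of the Submarine project's manifests: one way to let the initContainer run under the UID that OpenShift injects, without granting *RunAsAny*, is to give `mc` a writable home directory instead of `/`. The volume name `mc-config` and the path `/tmp/mc-home` are assumptions chosen for illustration; the command reuses the host alias and bucket from the report.

```yaml
# Added example: names "mc-config" and "/tmp/mc-home" are assumptions.
initContainers:
  - name: submarine-server-initcontainer
    image: 'minio/mc'
    env:
      # The log shows mc resolving its config directory to /.mc, which the
      # injected non-root UID cannot create. Pointing HOME at a writable
      # mount moves the config to /tmp/mc-home/.mc.
      - name: HOME
        value: /tmp/mc-home
    command:
      - /bin/bash
      - '-c'
      - >-
        cnt=0;
        while ! mc config host add minio
        http://submarine-minio-service:9000 submarine_minio submarine_minio 2>&1;
        do sleep 15; ((cnt=cnt+1));
        if [ $cnt -eq 80 ]; then
        echo 'ERROR: wait too long for minio pod'; exit 1; fi;
        done;
        if mc ls minio/submarine >/dev/null 2>&1; then
        echo 'Bucket minio/submarine already exists, skipping creation.';
        else mc mb minio/submarine; fi;
    # No runAsUser is set here, so the UID assigned by the
    # cluster's security context constraint still applies.
    volumeMounts:
      - name: mc-config
        mountPath: /tmp/mc-home
volumes:
  # emptyDir is scratch space that lives only as long as the pod; the mc
  # alias written during init is not needed afterwards.
  - name: mc-config
    emptyDir: {}
```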