[ https://issues.apache.org/jira/browse/SUBMARINE-1229?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17516417#comment-17516417 ]

cdmikechen commented on SUBMARINE-1229:
---------------------------------------

This issue is the same as issue https://issues.apache.org/jira/browse/SUBMARINE-1179

> Minio initContainer pod (mlflow and server) not working properly in openshift
> -----------------------------------------------------------------------------
>
>                 Key: SUBMARINE-1229
>                 URL: https://issues.apache.org/jira/browse/SUBMARINE-1229
>             Project: Apache Submarine
>          Issue Type: Bug
>          Components: Cloud-native Deployment
>            Reporter: cdmikechen
>            Priority: Major
>             Fix For: 0.7.0
>
>
> Minio initContainer pod always shows that it cannot end correctly. I've seen
> the log in the pod and found the following errors:
> {code}
> mc: <ERROR> Unable to save new mc config. mkdir /.mc: permission denied.
> mc: <ERROR> Unable to save new mc config. mkdir /.mc: permission denied.
> mc: <ERROR> Unable to save new mc config. mkdir /.mc: permission denied.
> mc: <ERROR> Unable to save new mc config. mkdir /.mc: permission denied.
> mc: <ERROR> Unable to save new mc config. mkdir /.mc: permission denied.
> mc: <ERROR> Unable to save new mc config. mkdir /.mc: permission denied.
> mc: <ERROR> Unable to save new mc config. mkdir /.mc: permission denied.
> mc: <ERROR> Unable to save new mc config. mkdir /.mc: permission denied.
> mc: <ERROR> Unable to save new mc config. mkdir /.mc: permission denied.
> mc: <ERROR> Unable to save new mc config. mkdir /.mc: permission denied.
> mc: <ERROR> Unable to save new mc config. mkdir /.mc: permission denied.
> mc: <ERROR> Unable to save new mc config. mkdir /.mc: permission denied.
> mc: <ERROR> Unable to save new mc config. mkdir /.mc: permission denied.
> {code}
> I checked the resource YAML and found that OpenShift adds a *runAsUser* in
> the deployment:
> {code}
> initContainers:
>   - resources: {}
>     terminationMessagePath: /dev/termination-log
>     name: submarine-server-initcontainer
>     command:
>       - /bin/bash
>       - '-c'
>       - >-
>         cnt=0; while ! /bin/bash -c 'mc config host add minio
>         http://submarine-minio-service:9000 submarine_minio submarine_minio'
>         2>&1; do sleep 15; ((cnt=cnt+1)); if [ $cnt -eq 80 ];then echo 'ERROR:
>         wait too long for minio pod'; exit 1; fi; done; if /bin/bash -c 'mc ls
>         minio/submarine' >/dev/null 2>&1; then echo 'Bucket minio/submarine
>         already exists, skipping creation.'; else /bin/bash -c 'mc mb
>         minio/submarine'; fi;
>     securityContext:
>       capabilities:
>         drop:
>           - KILL
>           - MKNOD
>           - SETGID
>           - SETUID
>       runAsUser: 1000790000
>     imagePullPolicy: Always
>     volumeMounts:
>       - name: submarine-server-token-bnj4d
>         readOnly: true
>         mountPath: /var/run/secrets/kubernetes.io/serviceaccount
>     terminationMessagePolicy: File
>     image: 'minio/mc'
> {code}
> OpenShift will add *runAsUser* with a custom uid under *securityContext* when
> we didn't add *RunAsAny* to the serviceaccount.
> {code}
> oc adm policy add-scc-to-user anyuid -z submarine-server -n submarine
> oc adm policy add-scc-to-user anyuid -z default -n submarine
> {code}