Comments (4)
Hello @clemlesne
It appears that our Pod Admission Controller disallow you the usage of ephemeral disks. Can you confirm that?
Thank you, I finally noticed that you already provide this option. Setting pipelines.{cache,tmpdir}.volumeEnabled: false
removes that error. I should have read README much more carefully.
OpenShift is really strict in terms of privilege escalations, Red Hat is right. I'm working into this.
Thanks! I would be happy to test your fixes in an OpenShift sandbox project at my org, if that's helpful.
from blue-agent.
Hello @timrburnham, thank you for your patience. Can you test the image flavor ubi9
version 6.2.1-1.2d3ceab
on your OpenShift cluster?
Details:
- Build ref https://github.com/clemlesne/azure-pipelines-agent/actions/runs/6962257636/job/18945604971.
- Comit ref 2d3ceab
from blue-agent.
Hello @timrburnham,
I see your errors are:
spec.volumes[0]: Invalid value: "ephemeral": ephemeral volumes are not allowed to be used
spec.containers[0].securityContext.runAsUser: Invalid value: 0: must be in the ranges: [1000920000, 1000929999]
Regarding spec.volumes[0]: Invalid value: "ephemeral": ephemeral volumes are not allowed to be used
:
It appears that our Pod Admission Controller disallow you the usage of ephemeral disks. Can you confirm that?
Regarding spec.containers[0].securityContext.runAsUser: Invalid value: 0: must be in the ranges: [1000920000, 1000929999]
:
OpenShift is really strict in terms of privilege escalations, Red Hat is right. I'm working into this.
from blue-agent.
I'm clothing this issue as there is no update. Don't hesitate to reopen and comment.
from blue-agent.
Related Issues (20)
- Chart 5.0.0 - KubeVersion: >=1.19 HOT 3
- Add root CA at runtime, for self-signed internal SSL communications HOT 2
- Add Python in Windows containers HOT 1
- Add AWS CLI to all containers HOT 1
- Add Google Cloud CLI to all containers HOT 1
- Cannot use Buildkit because of wrongly defined env HOT 3
- Error `/proc/sys/user/max_user_namespaces needs to be set to non-zero` HOT 3
- Add Visual Studio Build Tools with Windows containers HOT 6
- larger consumption of ephemeral-storage HOT 3
- Can't use extensions to install tools (permission denied) HOT 9
- Needing more permissions at $HOME HOT 4
- Improvements to make job completion more flexible HOT 2
- Allow setting of the number of minimum replicas and extraManifests HOT 1
- Connect to Azure DevOps server using Service Principal
- Optional Pod Labels in Helm Chart HOT 2
- PublishTestResults Task fails HOT 4
- Pipeline instances in the Azure DevOps server are not deleted HOT 3
- Region selection and bicep import.
- No organizationURL given
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from blue-agent.