Comments (4)
ajeetratnu
commented on July 29, 2024
1
Thanks for the hint.
Actually it was different values which were causing problem.
issue: elasticsearch internally has sysctlInitContainer where the priviliged=true and runAsUser=0 are hardcoded.
Just to share solution, if anyone else is facing same issue:
I have followed the updated values from here and it worked fine:
https://github.com/elastic/helm-charts/blob/master/elasticsearch/examples/openshift/values.yaml
The trick is to disable sysctlInitContainer :)
from zammad-helm.
monotek
commented on July 29, 2024
Elasticsearch is installed via dependency chart. See:
https://github.com/zammad/zammad-helm/blob/master/zammad/Chart.yaml#L18
So you would need to configure elasticsearch related stuff via config values of that chart. See:
https://github.com/elastic/helm-charts/blob/master/elasticsearch/values.yaml#L110
from zammad-helm.
ajeetratnu
commented on July 29, 2024
Elasticsearch is installed via dependency chart. See:
https://github.com/zammad/zammad-helm/blob/master/zammad/Chart.yaml#L18So you would need to configure elasticsearch related stuff via config values of that chart. See:
https://github.com/elastic/helm-charts/blob/master/elasticsearch/values.yaml#L110
Hi, I tried it by creating my-values.yaml file like below. But its not taking these values and always failing with same error. Do I have to give it somewhere else?
image:
repository: my-repo-path/zammad-docker-compose
tag: zammad-4.0.0-7
pullPolicy: Always
imagePullSecrets:
- name: "my-pull-secret"
elasticsearch:
image: "my-repo-path/zammad-docker-compose"
imageTag: "zammad-elasticsearch-4.0.0-7"
imagePullPolicy: Always
podSecurityPolicy:
spec:
privileged: false
runAsUser:
rule: MustRunAsNonRoot
memcached:
image:
registry: my-repo
repository: path/memcached
postgresql:
image:
registry: my-repo
repository: path/postgresql
Below is the error:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning FailedCreate 8s (x15 over 90s) statefulset-controller create Pod zammad-master-0 in StatefulSet zammad-master failed error: pods "zammad-master-0" is forbidden: PodSecurityPolicy: unable to admit pod: [spec.initContainers[0].securityContext.runAsUser: Invalid value: 0: running with the root UID is forbidden spec.initContainers[0].securityContext.privileged: Invalid value: true: Privileged containers are not allowed spec.initContainers[0].securityContext.runAsUser: Invalid value: 0: running with the root UID is forbidden spec.initContainers[0].securityContext.privileged: Invalid value: true: Privileged containers are not allowed]
from zammad-helm.
monotek
commented on July 29, 2024
You can try the following command to see, if your config works:
helm template . -f your-values.yaml
I've tried your config and the podSecurityPolicy in the elasticsearch statefuleset took the values:
podSecurityPolicy:
spec:
privileged: false
runAsUser: MustRunAsNonRoot
But questions about configuring the elasticsearch chart are out of scope of the zammad chart.
Please ask in: https://github.com/elastic/helm-charts
Closing.
from zammad-helm.
Related Issues (20)
- Unable to attach or mount volumes: unmounted volumes=[zammad-var] HOT 3
- Unable to restart due `elasticsearch-init` container HOT 1
- auto_wizard settings do not work HOT 3
- BUG/Enhancement - Elastic-search init container HOT 4
- Feature Request - Add ssl option to postgres HOT 12
- Elasticsearch configured in discovery mode, even though it is single-node HOT 5
- Authentication for memcached? HOT 4
- [FR] customization settings persistent file HOT 3
- customInit: Can't find config setting HOT 2
- Running zammad with `replicas > 1` HOT 14
- Missing probes for scheduler HOT 1
- Locale and Translation updates missing
- Add support for S3 storage
- Why duplicate login credentials in values? HOT 5
- Postgresql credentials should be percent encoded HOT 8
- S3 storage: Not using correct credentials when using existing secret for minio auth
- S3 storage with existing auth not working in combination with argocd
- PGP integration fails with "Read-only file system @ rb_sysopen - /tmp/passphrase20240226-1-y4n5l9 (Errno::EROFS)"
- Ability to label deployed resources HOT 5
- Can't upgrade/Install any charts v10.3.X. Version 10.2.1 works HOT 14
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from zammad-helm.