[jira] [Work logged] (KNOX-3304) Support for Openshift/SCC

[ASF GitHub Bot (Jira)]

     [ 
https://issues.apache.org/jira/browse/KNOX-3304?focusedWorklogId=1016944&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1016944
 ]

ASF GitHub Bot logged work on KNOX-3304:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 23/Apr/26 00:37
            Start Date: 23/Apr/26 00:37
    Worklog Time Spent: 10m 
      Work Description: sneethiraj commented on PR #1209:
URL: https://github.com/apache/knox/pull/1209#issuecomment-4300874200

   @moresandeep  -  The Docker build itself will NOT fail. But, the command to 
get the certs failed and since we have  "|| true" added after each cert 
download using curl, the failures are ignored. I just noticed on the screen and 
also found the import was throwing an error .....
   
   After the build with latest code, it looks good. +1 for PR.
   ```
   + kc logs -f -n knox knox-gateway-5cd46cffbb-6r9r6
   Using default knox master secret
   WARNING: sun.reflect.Reflection.getCallerClass is not supported. This will 
impact performance.
   Master secret has been persisted to disk.
   Generating knox.token.hash.key alias ...
   WARNING: sun.reflect.Reflection.getCallerClass is not supported. This will 
impact performance.
   knox.token.hash.key has been successfully created.
   Using provided keystore password file
   INFO: Importing certificate [/home/knox/cacrts/AmazonRootCA1.cer] into 
truststore
   Certificate was added to keystore
   INFO: Importing certificate [/home/knox/cacrts/AmazonRootCA2.cer] into 
truststore
   Certificate was added to keystore
   INFO: Importing certificate [/home/knox/cacrts/AmazonRootCA3.cer] into 
truststore
   Certificate was added to keystore
   INFO: Importing certificate [/home/knox/cacrts/AmazonRootCA4.cer] into 
truststore
   Certificate was added to keystore
   INFO: Importing certificate [/home/knox/cacrts/isrgrootx1.pem] into 
truststore
   Certificate was added to keystore
   INFO: Importing certificate [/home/knox/cacrts/isrg-root-x2.pem] into 
truststore
   Certificate was added to keystore
   Starting Knox gateway ...
   WARNING: sun.reflect.Reflection.getCallerClass is not supported. This will 
impact performance.
   ```




Issue Time Tracking
-------------------

    Worklog Id:     (was: 1016944)
    Time Spent: 1h 10m  (was: 1h)

> Support for Openshift/SCC
> -------------------------
>
>                 Key: KNOX-3304
>                 URL: https://issues.apache.org/jira/browse/KNOX-3304
>             Project: Apache Knox
>          Issue Type: Task
>          Components: docker
>    Affects Versions: 2.1.0
>            Reporter: Sandeep More
>            Assignee: Sandeep More
>            Priority: Major
>         Attachments: 
> 0001-KNOX-3304-added-installation-of-curl-in-the-Docker.patch, 
> 0002-KNOX-3304-fixed-import-of-letsencrupt-root-cert.patch
>
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> The current docker image that is generated does not work with Openshift and 
> ECS platform due to restrictions imposed by the platforms. Specifically, 
> there are two requirements
>  # The helm chart that installs Knox image should use an arbitrary runAsUser
>  # The helm chart should not have any runAsGroup and fsUser 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)