[GitHub] [couchdb-helm] alwinmark commented on issue #13: Couchdb pods perpetually crashing under OpenShift

Thu, 30 Jan 2020 04:14:45 -0800 

alwinmark commented on issue #13: Couchdb pods perpetually crashing under 
OpenShift 
URL: https://github.com/apache/couchdb-helm/issues/13#issuecomment-580225120
 
 
   No its just silently failing exiting 1 as well on Rancher with PSPs enabled.
   Guess this Chart or the default Container does not work well without certain 
privileges or rights.
   
   ```
     - containerID: 
docker://41e114505ff6963276d07ae001be4cb4794e1b79532930c1aec8b51107304263
       image: couchdb:2.3.1
       imageID: 
docker-pullable://couchdb@sha256:da2d31cc06455d6fc12767c4947c6b58e97e8cda419ecbe054cc89ab48420afa
       lastState:
         terminated:
           containerID: 
docker://41e114505ff6963276d07ae001be4cb4794e1b79532930c1aec8b51107304263
           exitCode: 1
           finishedAt: 2020-01-30T12:09:42Z
           reason: Error
           startedAt: 2020-01-30T12:09:41Z
       name: couchdb
       ready: false
       restartCount: 2
       started: false
       state:
         waiting:
           message: back-off 20s restarting failed container=couchdb 
pod=couchdb-tischi-test-couchdb-0_connect(7af5e9ca-38b1-493b-9170-5a58da8c4b5c)
           reason: CrashLoopBackOff
     hostIP: 172.21.1.113
     initContainerStatuses:
     - containerID: 
docker://3be2b192ab8e92628082527f39aa7db417708c55fac2cb0cdf1823078a0e0988
       image: busybox:latest
       imageID: 
docker-pullable://busybox@sha256:6915be4043561d64e0ab0f8f098dc2ac48e077fe23f488ac24b665166898115a
       lastState: {}
       name: init-copy
       ready: true
       restartCount: 0
       state:
         terminated:
           containerID: 
docker://3be2b192ab8e92628082527f39aa7db417708c55fac2cb0cdf1823078a0e0988
           exitCode: 0
           finishedAt: 2020-01-30T12:09:29Z
           reason: Completed
           startedAt: 2020-01-30T12:09:29Z
   ```
   
   Logs are empty even with `--previous`.
   
   
   In order to reproduce, run  K8s cluster with follwoing PSP:
   
   ```
   apiVersion: policy/v1beta1
   kind: PodSecurityPolicy
   metadata:
     labels:
     name: restricted-psp
   spec:
     allowPrivilegeEscalation: false
     fsGroup:
       ranges:
       - max: 65535
         min: 1
       rule: MustRunAs
     requiredDropCapabilities:
     - ALL
     runAsUser:
       rule: RunAsAny
     seLinux:
       rule: RunAsAny
     supplementalGroups:
       ranges:
       - max: 65535
         min: 1
       rule: MustRunAs
     volumes:
     - configMap
     - emptyDir
     - projected
     - secret
     - downwardAPI
     - persistentVolumeClaim
   ```
   
   as it is default by Rancher and similar to OKD when enabling 
PSPs/SecurityContextClasses

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services

Reply via email to