When trying to create opensearch container in OpenShift the issue with privileged is appeared #512
Comments
thtarstar
added
bug
|
Interested to know if there are any updates to this, as i'm having the same issue trying to deploy Opensearch in an Openshift cluster without privileged access and I'm facing the same error If someone has managed to make it work, I would appreciate more insight. |
|
@prudhvigodithi The first 2 issues (#369 and #384) are NOT OpenShift-specific; they are related to Kubernetes security best-practices. Even the 3rd issue (#480) is more a K8s security best practices issue than an OpenShift issue (although OpenShift is mentioned). These issue may crop up on OpenShift because it enforces/requires some of these best-practices but the underlying issue is that the OpenSearch container image is not configured securely. This is surprising since I suspect the AWS OpenSearch service has resolved these same issues. Unfortunately, some of these cannot be fixed via Helm chart changes and must be addressed in the container image itself. |
|
Thanks @gsmith-sas, what I was trying to say was it would be great if we can refactor the chart/docker-image or show us some pointers on how to still make it work with OpenShift enforcements. @gsmith-sas can you please elaborate more or open to contribute? to make sure there are no issues with OpenShift and works the same like other clusters. We can ignore this issue #369 as its more related to PA plugin writing logs to the read-only filesystem. Adding @bbarani @peterzhuamazon @TheAlgo |
getsaurabh02
moved this from 🆕 New
to Later (6 months plus)
in Engineering Effectiveness Board
Describe the bug
After trying to create opensearch container in OpenShift(OKD cluster) had an error:
Warning Failed 95m (x1075 over 5h38m) kubelet (combined from similar events): Error: container create failed: time="2023-12-20T15:56:36+02:00" level=error msg="runc create failed: unable to start container process: exec: "./opensearch-docker-entrypoint.sh": stat ./opensearch-docker-entrypoint.sh: permission denied
Looks like OpenShift is crying for OpenSearch running as privileged container in cluster.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
A clear and concise description of what you expected to happen.
Chart Name
Specify the Chart which is affected?
Screenshots
If applicable, add screenshots to help explain your problem.
Host/Environment (please complete the following information):
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: