This repository has been archived by the owner on Jun 23, 2020. It is now read-only.

Cannot be used in openshift #35

Closed
zetaab opened this issue Jan 11, 2019 · 2 comments

Comments

@zetaab
Contributor

zetaab commented Jan 11, 2019

I am trying to run Drone with the Kubernetes runtime in OpenShift. However, it cannot work because:

    volumes:
    - hostPath:
        path: /tmp/drone/zai6xqb3jgbxoh3lxx5xmibp1pxrgvu9/zai6xqb3jgbxoh3lxx5xmibp1pxrgvu9
        type: DirectoryOrCreate

https://kubernetes.io/docs/concepts/storage/volumes/

DirectoryOrCreate | If nothing exists at the given path, an empty directory will be created there as needed with permission set to 0755, having the same group and ownership with Kubelet.

This means that Kubernetes will create the folder with 755 (root is the owner). However, OpenShift by default does not allow executing containers as root.

That is why we should have the possibility to configure the privileged parameter to true in all pods.

    securityContext:
      privileged: false

I think privileged can be configured in the case of normal steps. However, we need the possibility to configure it in other steps as well, like clone etc.

@zetaab
Contributor Author

zetaab commented Jan 11, 2019

% oc logs drone-job-2qqsb-xtjmp
{"arch":"amd64","build":3,"level":"info","machine":"openshift-test-node-1-1","msg":"runner: start execution","os":"linux","pipeline":"default","repo":"DevOps/event-operator","stage":1,"time":"2019-01-11T12:04:09Z"}
{"arch":"amd64","build":3,"level":"debug","machine":"openshift-test-node-1-1","msg":"runner: watch for kill signal","os":"linux","pipeline":"default","repo":"DevOps/event-operator","stage":1,"time":"2019-01-11T12:04:09Z"}
{"arch":"amd64","build":3,"error":"pods \"jl3n3by2wpxg5rytrkd1dhkhw8eitv0z\" is forbidden: unable to validate against any security context constraint: [spec.volumes[0]: Invalid value: \"hostPath\": hostPath volumes are not allowed to be used]","level":"info","machine":"openshift-test-node-1-1","msg":"runner: execution failed","os":"linux","pipeline":"default","repo":"DevOps/event-operator","stage":1,"time":"2019-01-11T12:04:10Z"}
{"arch":"amd64","build":3,"error":"pods \"jl3n3by2wpxg5rytrkd1dhkhw8eitv0z\" is forbidden: unable to validate against any security context constraint: [spec.volumes[0]: Invalid value: \"hostPath\": hostPath volumes are not allowed to be used]","level":"debug","machine":"openshift-test-node-1-1","msg":"runner: received kill signal","os":"linux","pipeline":"default","repo":"DevOps/event-operator","stage":1,"time":"2019-01-11T12:04:10Z"}

There should be some kind of mechanism by which hostPath volumes could be used.
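Added example, not part of the original comment or of drone-runtime: a small triage script that pulls security context constraint denials out of runner JSON logs like the ones above and collapses the repeated info/debug lines into one finding per pod and field. The sample log is constructed (pod and repo names are placeholders), and the script assumes each violation has the `<field>: Invalid value: <value>: ...` shape shown in the log.

```python
import json
import re

# Shape of the admission error as it appears in the "error" key of the runner log.
DENIED = re.compile(
    r'pods "(?P<pod>[^"]+)" is forbidden: unable to validate against any '
    r'security context constraint: \[(?P<detail>.*)\]')
# One violation inside the brackets: field path, then the rejected value.
VIOLATION = re.compile(
    r'(?P<field>spec\.[\w.\[\]]+): Invalid value: (?P<value>"[^"]*"|[^:\s]+)')

# Constructed sample input (placeholder pod and repo names).
SAMPLE_LOG = r'''
{"build":3,"level":"info","msg":"runner: start execution","repo":"example/repo","stage":1,"time":"2019-01-11T12:04:09Z"}
{"build":3,"error":"pods \"examplepod\" is forbidden: unable to validate against any security context constraint: [spec.volumes[0]: Invalid value: \"hostPath\": hostPath volumes are not allowed to be used]","level":"info","msg":"runner: execution failed","repo":"example/repo","stage":1,"time":"2019-01-11T12:04:10Z"}
{"build":3,"error":"pods \"examplepod\" is forbidden: unable to validate against any security context constraint: [spec.volumes[0]: Invalid value: \"hostPath\": hostPath volumes are not allowed to be used]","level":"debug","msg":"runner: received kill signal","repo":"example/repo","stage":1,"time":"2019-01-11T12:04:10Z"}
this line is not JSON and must be skipped
'''


def scc_denials(log_text):
    """Map (repo, build, pod, field, value) -> first timestamp and line count."""
    found = {}
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except ValueError:
            continue  # blank or non-JSON line
        if not isinstance(event, dict):
            continue
        denied = DENIED.search(str(event.get("error", "")))
        if not denied:
            continue
        for v in VIOLATION.finditer(denied.group("detail")):
            key = (event.get("repo"), event.get("build"), denied.group("pod"),
                   v.group("field"), v.group("value").strip('"'))
            entry = found.setdefault(
                key, {"first_seen": event.get("time"), "lines": 0})
            entry["lines"] += 1
    return found


if __name__ == "__main__":
    for key, info in scc_denials(SAMPLE_LOG).items():
        print(key, info)
```
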

@bradrydzewski
Member

The host volume mount is a temporary implementation. We are tracking a more permanent solution in issue #19.

stevecrozz pushed a commit to stevecrozz/drone-runtime that referenced this issue Jun 14, 2019