You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@couchdb.apache.org by GitBox <gi...@apache.org> on 2020/01/30 12:13:44 UTC
[GitHub] [couchdb-helm] alwinmark commented on issue #13: Couchdb pods
perpetually crashing under OpenShift
alwinmark commented on issue #13: Couchdb pods perpetually crashing under OpenShift
URL: https://github.com/apache/couchdb-helm/issues/13#issuecomment-580225120
No its just silently failing exiting 1 as well on Rancher with PSPs enabled.
Guess this Chart or the default Container does not work well without certain privileges or rights.
```
- containerID: docker://41e114505ff6963276d07ae001be4cb4794e1b79532930c1aec8b51107304263
image: couchdb:2.3.1
imageID: docker-pullable://couchdb@sha256:da2d31cc06455d6fc12767c4947c6b58e97e8cda419ecbe054cc89ab48420afa
lastState:
terminated:
containerID: docker://41e114505ff6963276d07ae001be4cb4794e1b79532930c1aec8b51107304263
exitCode: 1
finishedAt: 2020-01-30T12:09:42Z
reason: Error
startedAt: 2020-01-30T12:09:41Z
name: couchdb
ready: false
restartCount: 2
started: false
state:
waiting:
message: back-off 20s restarting failed container=couchdb pod=couchdb-tischi-test-couchdb-0_connect(7af5e9ca-38b1-493b-9170-5a58da8c4b5c)
reason: CrashLoopBackOff
hostIP: 172.21.1.113
initContainerStatuses:
- containerID: docker://3be2b192ab8e92628082527f39aa7db417708c55fac2cb0cdf1823078a0e0988
image: busybox:latest
imageID: docker-pullable://busybox@sha256:6915be4043561d64e0ab0f8f098dc2ac48e077fe23f488ac24b665166898115a
lastState: {}
name: init-copy
ready: true
restartCount: 0
state:
terminated:
containerID: docker://3be2b192ab8e92628082527f39aa7db417708c55fac2cb0cdf1823078a0e0988
exitCode: 0
finishedAt: 2020-01-30T12:09:29Z
reason: Completed
startedAt: 2020-01-30T12:09:29Z
```
Logs are empty even with `--previous`.
In order to reproduce, run K8s cluster with follwoing PSP:
```
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
labels:
name: restricted-psp
spec:
allowPrivilegeEscalation: false
fsGroup:
ranges:
- max: 65535
min: 1
rule: MustRunAs
requiredDropCapabilities:
- ALL
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
ranges:
- max: 65535
min: 1
rule: MustRunAs
volumes:
- configMap
- emptyDir
- projected
- secret
- downwardAPI
- persistentVolumeClaim
```
as it is default by Rancher and similar to OKD when enabling PSPs/SecurityContextClasses
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services