Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
OpenSearch 2.15.0
OpenShift environment
Describe the issue:
I’m trying to deploy OpenSearch 2.15.0 on a client’s OpenShift cluster, but no matter what I change in the values, I keep having the same issue that I’m going to post below.
I’ve checked some discussions, but it seems like the only way is to contact the cluster administrator?
First of all, the issue is not that clear. From googling around, it might be a sysctl problem, inasmuch as it tries to set vm.max_map_count.
So I found this:
https://docs.openshift.com/container-platform/3.11/creating_images/guidelines.html
RUN chgrp -R 0 /some/directory && chmod -R g+rwX /some/directory
So I downloaded the OpenSearch and Bitnami Dockerfiles (tried both), modified them, and gave permissions to all possible directories.
But it didn’t work, same issue.
I also tried to change and delete the UID & GID in the Dockerfile, but nothing.
Is modifying the Dockerfile a good workaround for this problem? If so, what should I try?
If not, are there any other workarounds?
This is driving me crazy, because the cluster admin is hard or impossible to reach; if so, I need to wait weeks to obtain less restricted permissions.
Issue:
create Pod opensearch-cluster-master-0 in StatefulSet opensearch-cluster-master failed error: pods "opensearch-cluster-master-0" is forbidden: unable to validate against any security context constraint: [provider "anyuid": Forbidden: not usable by user or serviceaccount, provider restricted-v2: .spec.securityContext.fsGroup: Invalid value: []int64{1001370001}: 1001370001 is not an allowed group, provider restricted-v2: .initContainers[0].runAsUser: Invalid value: 0: must be in the ranges: [1001370000, 1001379999], provider "restricted": Forbidden: not usable by user or serviceaccount, provider "nonroot-v2": Forbidden: not usable by user or serviceaccount, provider "nonroot": Forbidden: not usable by user or serviceaccount, provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount, provider "elasticsearch-scc": Forbidden: not usable by user or serviceaccount, provider "logging-scc": Forbidden: not usable by user or serviceaccount, provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount, provider "hostnetwork-v2": Forbidden: not usable by user or serviceaccount, provider "hostnetwork": Forbidden: not usable by user or serviceaccount, provider "hostaccess": Forbidden: not usable by user or serviceaccount, provider "node-exporter": Forbidden: not usable by user or serviceaccount, provider "privileged": Forbidden: not usable by user or serviceaccount]
Relevant Logs or Screenshots:
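
The admission error in the post is easier to read once its provider entries are separated. As an added example (not part of the original post, and not OpenSearch or OpenShift tooling), this sketch splits such a message into the SCCs the service account has no access to and the field-level violations reported by the SCC that was actually evaluated; the function name `triage_scc_error` and the shortened sample string are constructed here.

```python
import re
from collections import defaultdict

# Constructed sample: shortened copy of the admission error from the post
# (four of its provider entries kept, wording unchanged).
SAMPLE = (
    'pods "opensearch-cluster-master-0" is forbidden: unable to validate against '
    'any security context constraint: [provider "anyuid": Forbidden: not usable by '
    'user or serviceaccount, provider restricted-v2: .spec.securityContext.fsGroup: '
    'Invalid value: []int64{1001370001}: 1001370001 is not an allowed group, '
    'provider restricted-v2: .initContainers[0].runAsUser: Invalid value: 0: must be '
    'in the ranges: [1001370000, 1001379999], provider "privileged": Forbidden: not '
    'usable by user or serviceaccount]'
)

NOT_USABLE = "Forbidden: not usable by user or serviceaccount"

def triage_scc_error(message):
    """Split an SCC admission error into SCCs the service account cannot use
    and field-level violations from SCCs that were actually evaluated."""
    marker = "security context constraint: ["
    start = message.find(marker)
    if start < 0:
        raise ValueError("not an SCC validation error")
    body = message[start + len(marker):].rstrip()
    if body.endswith("]"):
        body = body[:-1]  # drop only the bracket closing the provider list
    not_usable, violations = [], defaultdict(list)
    # Entries are separated by ", provider "; the ", " inside a UID range is not.
    for entry in re.split(r"(?:^|, )provider ", body):
        if not entry:
            continue
        name, _, detail = entry.partition(": ")
        name = name.strip('"')
        if detail == NOT_USABLE:
            not_usable.append(name)
        else:
            field, _, reason = detail.partition(": ")
            violations[name].append((field, reason))
    return not_usable, dict(violations)

if __name__ == "__main__":
    unusable, evaluated = triage_scc_error(SAMPLE)
    print("no access to:", ", ".join(unusable))
    for scc, items in evaluated.items():
        for field, reason in items:
            print(f"{scc}: {field} -> {reason}")
```

Run against the full message from the post, this leaves restricted-v2 as the only SCC that was evaluated, with two rejected fields: the pod-level fsGroup and the init container's runAsUser of 0.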