You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
local on rancher desktop, docker desktop, microk8s
One of our pods has a 'data' volume used by the application (Jupyter). This has a very simple pvc definition. No security context section is defined
When using openshift (with the default 'restricted' security context, the user specified in the container is ignored, and a random userid is allocated. But openshift will inject appropriate content (in the admission controller) into the pvc to ensure the container has write permissions to the volume).
On rancher etc, the pod runs under the container-specified user, but is also able to write fine.
However on AKS with 1.23 & 1.25 the volume is only writeable by root - and so the app fails.
I'm trying to figure out the simplest, defaultable approach to try and get the same definitions workable across openshift, rancher & AKS to make it as easy as possible for the newbie user who just wants to play with the app.
I could add conditional logic in the helm chart (and also an operator we have) if needed - tips welcome?
Unfortunately I'm new to AKS, and only have a tiny budget (MSDN license holder free spend) - and so AKS support sits in the 'would be nice if' category - but I'd like to do what we can.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
I develop some helm charts for our project https://github.com/odpi/egeria-charts - these are used for demo/education use rather than production
So far users have been running
One of our pods has a 'data' volume used by the application (Jupyter). This has a very simple pvc definition. No security context section is defined
When using openshift (with the default 'restricted' security context, the user specified in the container is ignored, and a random userid is allocated. But openshift will inject appropriate content (in the admission controller) into the pvc to ensure the container has write permissions to the volume).
On rancher etc, the pod runs under the container-specified user, but is also able to write fine.
However on AKS with 1.23 & 1.25 the volume is only writeable by root - and so the app fails.
I'm trying to figure out the simplest, defaultable approach to try and get the same definitions workable across openshift, rancher & AKS to make it as easy as possible for the newbie user who just wants to play with the app.
I could add conditional logic in the helm chart (and also an operator we have) if needed - tips welcome?
Unfortunately I'm new to AKS, and only have a tiny budget (MSDN license holder free spend) - and so AKS support sits in the 'would be nice if' category - but I'd like to do what we can.
Refs:
Beta Was this translation helpful? Give feedback.
All reactions