[jboss-jira] [JBoss JIRA] (WFWIP-156) spec.containers[0].securityContext.securityContext.runAsUser: Invalid value: 1000: must be in the ranges: [1000080000, 1000089999]

Monday, 25 March 2019

    [
https://issues.jboss.org/browse/WFWIP-156?page=com.atlassian.jira.plugin....
] 

Martin Choma edited comment on WFWIP-156 at 3/25/19 5:42 AM:
-------------------------------------------------------------

Eap images can run with any uid. They make it by running as root group
https://docs.openshift.com/container-platform/3.11/creating_images/guidel....

{code}
Marek Schmidt: @Martin Choma
https://docs.openshift.com/container-platform/3.11/creating_images/guidel...
Martin Choma: hmm, I cant find similar steps in cct_module, jboss-eap-modules,
jboss-container-images. Searching chgrp and anyuid
Marek Schmidt: @Martin Choma
https://github.com/jboss-openshift/cct_module/blob/master/jboss/container...
Marek Schmidt: @Martin Choma this is also an important piece
https://github.com/jboss-openshift/cct_module/blob/master/jboss/container...
Marek Schmidt: @Martin Choma Basically the idea is: 1. Make any file owned by the
jboss:root 2. make the jboss user part of the root group, 3. hack /etc/passwd at runtime
to make the runtime UID user the "jboss" user
Martin Choma: thanks, that answers my question
{code}

was (Author: mchoma):
Eap images can run with any uid. They make it by running as root group
https://docs.openshift.com/container-platform/3.11/creating_images/guidel....

{code}
Marek Schmidt: @Martin Choma
https://docs.openshift.com/container-platform/3.11/creating_images/guidel...
Martin Choma: hmm, I cant find similar steps in cct_module, jboss-eap-modules,
jboss-container-images. Searching chgrp and anyuid
Marek Schmidt: @Martin Choma
https://github.com/jboss-openshift/cct_module/blob/master/jboss/container...
Marek Schmidt: @Martin Choma this is also an important piece
https://github.com/jboss-openshift/cct_module/blob/master/jboss/container...
Marek Schmidt: @Martin Choma Basically the idea is: 1. Make any file owned by the
jboss:root 2. make the jboss user part of the root group, 3. hack /etc/passwd at runtime
to make the runtime UID user the "jboss" user
Martin Choma: thanks, that is answers my question
{code}

...
 spec.containers[0].securityContext.securityContext.runAsUser: Invalid
value: 1000: must be in the ranges: [1000080000, 1000089999]

----------------------------------------------------------------------------------------------------------------------------------

                 Key: WFWIP-156
                 URL: https://issues.jboss.org/browse/WFWIP-156
             Project: WildFly WIP
          Issue Type: Bug
            Reporter: Martin Choma
            Assignee: Jeff Mesnil
            Priority: Major

 Trying https://github.com/jmesnil/wildfly-operator/blob/master/README.adoc to install
operator on OpenShift. I get error.
 {noformat}
 create Pod myapp-wildflyserver-0 in StatefulSet myapp-wildflyserver failed error: pods
"myapp-wildflyserver-0" is forbidden: unable to validate against any security
context constraint: [spec.containers[0].securityContext.securityContext.runAsUser: Invalid
value: 1000: must be in the ranges: [1000080000, 1000089999]]
 {noformat} 

--
This message was sent by Atlassian Jira
(v7.12.1#712002)

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[jboss-jira] [JBoss JIRA] (WFWIP-156) spec.containers[0].securityContext.securityContext.runAsUser: Invalid value: 1000: must be in the ranges: [1000080000, 1000089999]