[jboss-jira] [JBoss JIRA] (WFWIP-156) spec.containers[0].securityContext.securityContext.runAsUser: Invalid value: 1000: must be in the ranges: [1000080000, 1000089999]
Martin Choma (Jira)
issues at jboss.org
Mon Mar 25 05:42:00 EDT 2019
[ https://issues.jboss.org/browse/WFWIP-156?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13712562#comment-13712562 ]
Martin Choma commented on WFWIP-156:
------------------------------------
EAP images can run with any UID. They manage it by running as the root group: https://docs.openshift.com/container-platform/3.11/creating_images/guidelines.html#openshift-specific-guidelines
{code}
Marek Schmidt: @Martin Choma https://docs.openshift.com/container-platform/3.11/creating_images/guidelines.html#openshift-specific-guidelines
Martin Choma: hmm, I can't find similar steps in cct_module, jboss-eap-modules, jboss-container-images. Searching chgrp and anyuid
Marek Schmidt: @Martin Choma https://github.com/jboss-openshift/cct_module/blob/master/jboss/container/java/run/bash/artifacts/opt/jboss/container/java/run/run-java.sh#L221
Marek Schmidt: @Martin Choma this is also an important piece https://github.com/jboss-openshift/cct_module/blob/master/jboss/container/user/configure.sh#L8
Marek Schmidt: @Martin Choma Basically the idea is: 1. Make any file owned by the jboss:root 2. make the jboss user part of the root group, 3. hack /etc/passwd at runtime to make the runtime UID user the "jboss" user
Martin Choma: thanks, that answers my question
{code}
> spec.containers[0].securityContext.securityContext.runAsUser: Invalid value: 1000: must be in the ranges: [1000080000, 1000089999]
> ----------------------------------------------------------------------------------------------------------------------------------
>
> Key: WFWIP-156
> URL: https://issues.jboss.org/browse/WFWIP-156
> Project: WildFly WIP
> Issue Type: Bug
> Reporter: Martin Choma
> Assignee: Jeff Mesnil
> Priority: Major
>
> Trying https://github.com/jmesnil/wildfly-operator/blob/master/README.adoc to install operator on OpenShift. I get error.
> {noformat}
> create Pod myapp-wildflyserver-0 in StatefulSet myapp-wildflyserver failed error: pods "myapp-wildflyserver-0" is forbidden: unable to validate against any security context constraint: [spec.containers[0].securityContext.securityContext.runAsUser: Invalid value: 1000: must be in the ranges: [1000080000, 1000089999]]
> {noformat}
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
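
The three steps listed in the chat above, sketched as an added shell example (not code from cct_module or the EAP images). The function names, the sample passwd lines and the runtime UID are constructed; the UID range is the one from the error message.

```shell
#!/bin/sh
# Added sketch; function names and sample values are constructed.

# uid_in_range UID MIN MAX: the range check behind the SCC error in the issue.
uid_in_range() {
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# has_passwd_entry FILE UID: succeeds if FILE already maps UID to a name.
has_passwd_entry() {
    awk -F: -v uid="$2" '$3 == uid { found = 1 } END { exit !found }' "$1"
}

# ensure_passwd_entry FILE UID NAME HOME
# Step 3 of the chat: at startup, point NAME at the runtime UID (GID 0).
# Needs FILE to be group-writable by the root group (steps 1 and 2).
ensure_passwd_entry() {
    pw_file=$1 pw_uid=$2 pw_name=$3 pw_home=$4
    has_passwd_entry "$pw_file" "$pw_uid" && return 0   # nothing to do
    [ -w "$pw_file" ] || return 1                       # image not prepared
    pw_tmp=$(mktemp) || return 1
    # Drop the build-time entry for NAME so the name resolves to one UID only.
    awk -F: -v n="$pw_name" '$1 != n' "$pw_file" > "$pw_tmp"
    printf '%s:x:%s:0:%s user:%s:/sbin/nologin\n' \
        "$pw_name" "$pw_uid" "$pw_name" "$pw_home" >> "$pw_tmp"
    cat "$pw_tmp" > "$pw_file"    # rewrite in place; no directory write needed
    rm -f "$pw_tmp"
}

# Demo on a constructed passwd file; the real /etc/passwd is never touched.
demo_dir=$(mktemp -d)
printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' \
    'jboss:x:185:0:jboss user:/home/jboss:/sbin/nologin' > "$demo_dir/passwd"
chmod g+w "$demo_dir/passwd"
runtime_uid=1000080001    # constructed UID inside the range from the error
uid_in_range 1000 1000080000 1000089999 || echo "runAsUser 1000: out of range"
ensure_passwd_entry "$demo_dir/passwd" "$runtime_uid" jboss /home/jboss
cat "$demo_dir/passwd"
rm -rf "$demo_dir"
```
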