Container creation fails for versions 0.11.1 and above #166
Comments
As reported similarly at crossplane-contrib/provider-aws#1786 (comment) and crossplane-contrib/provider-kubernetes#87 (comment), it seems my original issue was fixed over time, so probably this provider-helm is also working right now (however untested).
I ran into this issue with v0.17.0. It took a while to find out that it happened if the securityContext of the Pod is set to something different from 65532:

```yaml
---
        securityContext:
          allowPrivilegeEscalation: false
          privileged: false
          runAsGroup: 2000
          runAsNonRoot: true
          runAsUser: 2000
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /tls/client
          name: tls-client-certs
          readOnly: true
        - mountPath: /tls/server
          name: tls-server-certs
          readOnly: true
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext:
        runAsGroup: 2000
        runAsNonRoot: true
        runAsUser: 2000
      serviceAccount: crossplane-provider-helm-9b3930bc8c9d
....
```

This can be fixed with a

```yaml
apiVersion: pkg.crossplane.io/v1beta1
kind: DeploymentRuntimeConfig
metadata:
  name: default
spec:
  deploymentTemplate:
    spec:
      selector: {}
      template:
        spec:
          containers:
          - name: package-runtime
            securityContext:
              allowPrivilegeEscalation: false
              privileged: false
              runAsGroup: 65532
              runAsNonRoot: true
              runAsUser: 65532
          securityContext:
            runAsGroup: 65532
            runAsNonRoot: true
            runAsUser: 65532
```
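Added example, not part of the original comments or the provider's code: a small check that resolves the effective `runAsUser`/`runAsGroup` of each container (container-level `securityContext` overrides pod-level) and flags values other than 65532, the condition the comment above describes. The sample pod spec is constructed, the function names are hypothetical, and treating a differing `runAsGroup` as a finding is an assumption based on the fix shown above.

```python
import json

# UID/GID that the comment above reports as the working value (assumption:
# the GID is checked the same way as the UID).
EXPECTED_ID = 65532

# Constructed sample: a pod template in the JSON shape returned by
# `kubectl get deployment -o json`, reduced to the fields from the comment.
SAMPLE_POD_SPEC = json.loads("""
{
  "containers": [
    {"name": "package-runtime",
     "securityContext": {"runAsUser": 2000, "runAsGroup": 2000,
                         "runAsNonRoot": true}}
  ],
  "securityContext": {"runAsUser": 2000, "runAsGroup": 2000,
                      "runAsNonRoot": true}
}
""")


def effective_ids(pod_spec):
    """Yield (container name, uid, gid) using Kubernetes precedence:
    a container-level securityContext field overrides the pod-level one."""
    pod_sc = pod_spec.get("securityContext") or {}
    for container in pod_spec.get("containers", []):
        c_sc = container.get("securityContext") or {}
        uid = c_sc.get("runAsUser", pod_sc.get("runAsUser"))
        gid = c_sc.get("runAsGroup", pod_sc.get("runAsGroup"))
        yield container["name"], uid, gid


def find_mismatches(pod_spec, expected=EXPECTED_ID):
    """Return one finding per container whose explicit UID or GID differs
    from `expected`. Unset fields (None) fall back to the image default
    and are not flagged."""
    findings = []
    for name, uid, gid in effective_ids(pod_spec):
        bad = {key: value
               for key, value in (("runAsUser", uid), ("runAsGroup", gid))
               if value is not None and value != expected}
        if bad:
            findings.append({"container": name, **bad})
    return findings


if __name__ == "__main__":
    for finding in find_mismatches(SAMPLE_POD_SPEC):
        print(finding)
```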
What happened?
HELM provider controller container creation fails with error:

```
Error: failed to start container "provider-helm": Error response from daemon: OCI runtime create failed: container_linux.go:367: starting container process caused: chdir to cwd ("/home/nonroot") set in config.json failed: permission denied: unknown
```
Similar issue for provider-aws and for provider-kubernetes.
The last working release is v0.11.0 and the current last release (v0.12.0) is still affected.
How can we reproduce it?
What environment did it happen in?
Crossplane version: 1.9.0, installed by Helm chart
k8s: Minikube with k8s v1.20.2