Loading

Openshift cluster with Arc enabled SQL Server managed instance

reference

https://docs.microsoft.com/en-us/azure/azure-arc/data/create-sql-managed-instance-using-kubernetes-native-tools

issue encountered:
  • failed to create resource and error msg like below
FailedCreate replicaset/bootstrapper-796c4c67db Error creating: pods 'bootstrapper-796c4c67db-' is forbidden: unable to validate against any security context constraint: [provider 'anyuid': Forbidden: not usable by user or serviceaccount, provider restricted: .spec.securityContext.fsGroup: Invalid value: []int64{1000700001}: 1000700001 is not an allowed group, spec.containers[0].securityContext.runAsUser: Invalid value: 1000700001: must be in the ranges: [1000690000, 1000699999], provider 'nonroot': Forbidden: not usable by user or serviceaccount, provider 'hostmount-anyuid': Forbidden: not usable by user or serviceaccount, provider 'machine-api-termination-handler': Forbidden: not usable by user or serviceaccount, provider 'hostnetwork': Forbidden: not usable by user or serviceaccount, provider 'hostaccess': Forbidden: not usable by user or serviceaccount, provider 'kube-aad-proxy-scc': Forbidden: not usable by user or serviceaccount, provider 'node-exporter': Forbidden: not usable by user or serviceaccount, provider 'privileged': Forbidden: not usable by user or serviceaccount, provider 'privileged-genevalogging': Forbidden: not usable by user or serviceaccount]

resolution:

You created custom SCC with the service account and you were able to deploy data controller and arc SQL MI

oc adm policy add-scc-to-user privileged system:serviceaccount:arcdataservices:default
oc adm policy add-scc-to-user privileged system:serviceaccount:arcdataservices:sa-arc-metricsdc-reader”
posted @ 2022-06-22 10:18  Jas0n0ss  阅读(150)  评论(0编辑  收藏  举报