Skip to content
This repository has been archived by the owner on Oct 1, 2024. It is now read-only.

No ready pod for deployment grafana in ns istio-system when using kfctl_openshift_tekton_kfserving.v1.10.yaml #83

Open
shawnzhu opened this issue Oct 8, 2020 · 2 comments
Open

No ready pod for deployment grafana in ns istio-system when using kfctl_openshift_tekton_kfserving.v1.10.yaml #83

shawnzhu opened this issue Oct 8, 2020 · 2 comments

Comments

@shawnzhu
Copy link

shawnzhu commented Oct 8, 2020
edited
Loading

After deploying kfctl_openshift_tekton_kfserving.v1.10.yaml successfully, I found no pod for deployment grafana.

When running oc get deploy -n istio-system -o yaml grafana, it will show messages like:

   message: 'pods "grafana-68bcfd88b6-" is forbidden: unable to validate against
      any security context constraint: [fsGroup: Invalid value: []int64{472}: 472
      is not an allowed group spec.containers[0].securityContext.securityContext.runAsUser:
      Invalid value: 472: must be in the ranges: [1000930000, 1000939999]]'
    reason: FailedCreate

I noticed that it doesn't specify any service account nor SCC for it. so guess it needs to add it to allow fsGroup id 472
@Tomcli
Copy link
Contributor

Tomcli commented Oct 8, 2020

Thanks @shawnzhu, what openshift environment did you test this on. We were testing it with Fyre Ember OCP 4.3 for this deployment.

@shawnzhu
Copy link
Author

shawnzhu commented Oct 8, 2020

my environment is an OpenShift from IBM Cloud:

$ oc version
Client Version: 4.3.23-202005230952-4fb2d4d
Server Version: 4.3.35
Kubernetes Version: v1.16.2+7279a4a

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@shawnzhu @Tomcli