intellij-kubernetes
As a user, I want to see the events that tell me the reasons why, for example, a deployment does not create pods.
Steps:
- EXEC: launch a cluster with the cluster bot (you need quite some resources)
- EXEC: push the following to the cluster using an editor
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gpt4all-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gpt4all
  template:
    metadata:
      labels:
        app: gpt4all
    spec:
      containers:
      - name: gpt4all-container
        image: runpod/gpt4all
        ports:
        - containerPort: 80 # Adjust the port as needed
```
Result: The deployment is created, but no pods are created for it. When looking into the events in the web console, you discover the reason, namely that it is missing security elements:
Error creating: pods "gpt4all-deployment-7cd57494c7-plhz8" is forbidden: violates PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "gpt4all-container" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "gpt4all-container" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "gpt4all-container" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "gpt4all-container" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
Without the events I don't know why the pods are not created.
The corrected deployment is as follows:
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gpt4all-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gpt4all
  template:
    metadata:
      labels:
        app: gpt4all
    spec:
      containers:
      - name: gpt4all-container
        image: runpod/gpt4all
        ports:
        - containerPort: 80 # Adjust the port as needed
        securityContext:
          allowPrivilegeEscalation: false
          runAsNonRoot: true
          capabilities:
            drop:
            - ALL
          seccompProfile:
            type: RuntimeDefault # or "Localhost"
```