noobaa-core
noobaa-core copied to clipboard
noobaa
Question: getting following error while installing lastest noobaa build for both normal and nsfs bulid
create Pod noobaa-db-0 in StatefulSet noobaa-db failed error: pods "noobaa-db-0" is forbidden: unable to validate against any security context constraint: [spec.initContainers[0].securityContext.runAsUser: Invalid value: 10001: must be in the ranges: [1000700000, 1000709999] spec.containers[0].securityContext.runAsUser: Invalid value: 10001: must be in the ranges: [1000700000, 1000709999]]
Hi @vamseekrishna25
Openshift version?
Noobaa version?
How did you install - with CLI noobaa install?
Perhaps you have default annotations in the namespace for which uid ranges can be used? (try kubectl get ns NNN -o yaml)
notice that noobaa install will deploy the SCC -
https://github.com/noobaa/noobaa-operator/blob/2ddca699c8f510a4a63b66742df32cfedd4bddc1/pkg/operator/operator.go#L102
https://github.com/noobaa/noobaa-operator/blob/master/deploy/scc.yaml
Perhaps you can check if you have this SCC deployed?
hi @guymguym my openshift version is 4.7.4 and noobaa version I am trying to install is master-20210511-nsfs or master-20210511 or 5.7.0 I have installed using the CLI command noobaa install --db-storage-class='ibm-spectrum-scale-csi-lt' --db-volume-size-gb=5 --pv-pool-default-storage-class='ibm-spectrum-scale-csi-lt' --noobaa-image='noobaa/noobaa-core:master-20210511-nsfs' --operator-image='noobaa/noobaa-operator:master-20210511-nsfs' --image-pull-secret='regcred'
the scc.yaml provided above didn't work until I changed the service account from system:serviceaccount:openshift-storage:noobaa to system:serviceaccount:noobaa:noobaa .
using the reference https://github.com/noobaa/noobaa-operator/issues/539
but now I am getting this error after creating the scc
Unable to attach or mount volumes: unmounted volumes=[noobaastorage tmp-logs-vol default-token-bjr8k], unattached volumes=[noobaastorage tmp-logs-vol default-token-bjr8k]: timed out waiting for the condition
MountVolume.MountDevice failed while expanding volume for volume "pvc-55835d88-a8df-44ab-9bae-92a78fcba68f" : mountVolume.NodeExpandVolume get PVC failed : persistentvolumeclaims "noobaa-default-backing-store-noobaa-pvc-5e85efad" is forbidden: User "system:node:worker2.deeghuge2.cp.fyre.ibm.com" cannot get resource "persistentvolumeclaims" in API group "" in the namespace "noobaa": no relationship found between node 'worker2.deeghuge2.cp.fyre.ibm.com' and this object
where noobaa-default-backing-store-noobaa-pod-5e85efad pod is continuously creating and terminating
oc get pods NAME READY STATUS RESTARTS AGE noobaa-core-0 1/1 Running 10 70m noobaa-db-0 1/1 Running 0 6m28s noobaa-default-backing-store-noobaa-pod-5e85efad 0/1 Terminating 0 6s noobaa-endpoint-cff46cbc-tr7mm 1/1 Running 0 5m7s noobaa-operator-89bbd5dd6-btw8r 1/1 Running 0 70m noobaa status INFO[0001] CLI version: 5.7.0 INFO[0001] noobaa-image: noobaa/noobaa-core:5.7.0 INFO[0001] operator-image: noobaa/noobaa-operator:5.7.0 INFO[0001] noobaa-db-image: centos/mongodb-36-centos7 INFO[0001] Namespace: noobaa INFO[0001] INFO[0001] CRD Status: INFO[0001] ✅ Exists: CustomResourceDefinition "noobaas.noobaa.io" INFO[0001] ✅ Exists: CustomResourceDefinition "backingstores.noobaa.io" INFO[0001] ✅ Exists: CustomResourceDefinition "namespacestores.noobaa.io" INFO[0001] ✅ Exists: CustomResourceDefinition "bucketclasses.noobaa.io" INFO[0001] ✅ Exists: CustomResourceDefinition "objectbucketclaims.objectbucket.io" INFO[0001] ✅ Exists: CustomResourceDefinition "objectbuckets.objectbucket.io" INFO[0001] INFO[0001] Operator Status: INFO[0001] ✅ Exists: Namespace "noobaa" INFO[0001] ✅ Exists: ServiceAccount "noobaa" INFO[0001] ✅ Exists: Role "noobaa" INFO[0001] ✅ Exists: RoleBinding "noobaa" INFO[0001] ✅ Exists: ClusterRole "noobaa.noobaa.io" INFO[0001] ✅ Exists: ClusterRoleBinding "noobaa.noobaa.io" INFO[0001] ✅ Exists: Deployment "noobaa-operator" INFO[0001] INFO[0001] System Status: INFO[0001] ✅ Exists: NooBaa "noobaa" INFO[0001] ✅ Exists: StatefulSet "noobaa-core" INFO[0001] ✅ Exists: Service "noobaa-mgmt" INFO[0001] ✅ Exists: Service "s3" INFO[0001] ✅ Exists: StatefulSet "noobaa-db" INFO[0001] ✅ Exists: Service "noobaa-db" INFO[0001] ✅ Exists: Secret "noobaa-server" INFO[0001] ✅ Exists: Secret "noobaa-operator" INFO[0001] ✅ Exists: Secret "noobaa-endpoints" INFO[0001] ✅ Exists: Secret "noobaa-admin" INFO[0001] ✅ Exists: Secret "noobaa-root-master-key" INFO[0001] ✅ Exists: StorageClass "noobaa.noobaa.io" INFO[0001] ✅ Exists: BucketClass "noobaa-default-bucket-class" INFO[0001] ✅ Exists: Deployment "noobaa-endpoint" INFO[0001] ✅ Exists: HorizontalPodAutoscaler "noobaa-endpoint" INFO[0001] ✅ (Optional) Exists: BackingStore "noobaa-default-backing-store" INFO[0001] ⬛ (Optional) Not Found: CredentialsRequest "noobaa-aws-cloud-creds" INFO[0001] ⬛ (Optional) Not Found: CredentialsRequest "noobaa-azure-cloud-creds" INFO[0001] ⬛ (Optional) Not Found: Secret "noobaa-azure-container-creds" INFO[0001] ⬛ (Optional) Not Found: Secret "noobaa-gcp-bucket-creds" INFO[0001] ⬛ (Optional) Not Found: CredentialsRequest "noobaa-gcp-cloud-creds" INFO[0001] ✅ (Optional) Exists: PrometheusRule "noobaa-prometheus-rules" INFO[0001] ✅ (Optional) Exists: ServiceMonitor "noobaa-mgmt-service-monitor" INFO[0001] ✅ (Optional) Exists: ServiceMonitor "s3-service-monitor" INFO[0001] ✅ (Optional) Exists: Route "noobaa-mgmt" INFO[0001] ✅ (Optional) Exists: Route "s3" INFO[0001] ✅ Exists: PersistentVolumeClaim "db-noobaa-db-0" INFO[0001] ✅ System Phase is "Ready" INFO[0001] ✅ Exists: "noobaa-admin"
#------------------# #- Backing Stores -# #------------------#
NAME TYPE TARGET-BUCKET PHASE AGE noobaa-default-backing-store pv-pool Creating 5m10s
#------------------# #- Bucket Classes -# #------------------#
NAME PLACEMENT NAMESPACE-POLICY PHASE AGE noobaa-default-bucket-class {"tiers":[{"backingStores":["noobaa-default-backing-store"]}]} null Verifying 5m10s
#-----------------# #- Bucket Claims -# #-----------------#
No OBCs found.
but when I tried to install noobaa using image 5.5.0-nsfs noobaa is working fine in my cluster please let me know what went wrong
