As a user I want to see the events which tell me the reasons for ex. a deployment that does not create pods #659

Open
adietish opened this issue Sep 15, 2023 · 0 comments
adietish commented Sep 15, 2023

Steps:

  1. EXEC: launch a cluster with the cluster bot (you need quite some resources)
  2. EXEC: push the following to the cluster using an editor

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gpt4all-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gpt4all
  template:
    metadata:
      labels:
        app: gpt4all
    spec:
      containers:
        - name: gpt4all-container
          image: runpod/gpt4all
          ports:
            - containerPort: 80 # Adjust the port as needed
```

Result:
The deployment is created, but no pods are created for it. When looking into the events in the web console, you discover the reason; it is missing security elements:

```
Error creating: pods "gpt4all-deployment-7cd57494c7-plhz8" is forbidden: violates PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "gpt4all-container" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "gpt4all-container" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "gpt4all-container" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "gpt4all-container" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
```

Without the events I don't know why the pods are not created.

The corrected deployment is as follows:

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gpt4all-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gpt4all
  template:
    metadata:
      labels:
        app: gpt4all
    spec:
      containers:
        - name: gpt4all-container
          image: runpod/gpt4all
          ports:
            - containerPort: 80 # Adjust the port as needed
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault # or "Localhost"
```
@mohitsuman mohitsuman added this to the 1.4.0 milestone Apr 3, 2024
@adietish adietish removed their assignment Apr 16, 2024
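
The four conditions named in the event message above can be checked against a manifest before it is pushed. The following is an added example, not part of the original issue or the project's code: the function names are hypothetical, the manifest is a dict constructed from the YAML in the issue, and only those four conditions are covered, not the full "restricted" Pod Security Standard.

```python
ALLOWED_SECCOMP = {"RuntimeDefault", "Localhost"}

def restricted_violations(deployment):
    """Return one message per violation found in the Deployment's pod template."""
    pod_spec = deployment["spec"]["template"]["spec"]
    pod_sc = pod_spec.get("securityContext") or {}
    problems = []
    # Init containers are subject to the same rules as regular containers.
    for c in pod_spec.get("initContainers", []) + pod_spec.get("containers", []):
        sc = c.get("securityContext") or {}
        name = c["name"]
        # Must be set explicitly to false on every container.
        if sc.get("allowPrivilegeEscalation") is not False:
            problems.append(f"{name}: allowPrivilegeEscalation != false")
        # The capabilities drop list must contain ALL.
        if "ALL" not in ((sc.get("capabilities") or {}).get("drop") or []):
            problems.append(f"{name}: unrestricted capabilities")
        # "pod or container": a container-level value wins over the pod-level one.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            problems.append(f"{name}: runAsNonRoot != true")
        seccomp = sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}
        if seccomp.get("type") not in ALLOWED_SECCOMP:
            problems.append(f"{name}: seccompProfile")
    return problems

def gpt4all_deployment(security_context=None):
    """Constructed sample: the Deployment from the issue, as a dict."""
    container = {"name": "gpt4all-container", "image": "runpod/gpt4all",
                 "ports": [{"containerPort": 80}]}
    if security_context is not None:
        container["securityContext"] = security_context
    return {"apiVersion": "apps/v1", "kind": "Deployment",
            "metadata": {"name": "gpt4all-deployment"},
            "spec": {"replicas": 1,
                     "selector": {"matchLabels": {"app": "gpt4all"}},
                     "template": {"metadata": {"labels": {"app": "gpt4all"}},
                                  "spec": {"containers": [container]}}}}

# The securityContext from the corrected deployment in the issue.
FIXED_SC = {"allowPrivilegeEscalation": False, "runAsNonRoot": True,
            "capabilities": {"drop": ["ALL"]},
            "seccompProfile": {"type": "RuntimeDefault"}}

if __name__ == "__main__":
    for label, sc in (("original", None), ("corrected", FIXED_SC)):
        found = restricted_violations(gpt4all_deployment(sc))
        print(label, found or "no violations")
```

Passing these checks only gets the pod admitted: with `runAsNonRoot: true` the kubelet still refuses to start a container whose image runs as root, and that failure also shows up only in the pod's events.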