Some pods don't get started properly

[RHRolun]

Installed the operator through the helm chart according to https://github.com/opendatahub-io-contrib/airflow-on-openshift#install-airflow-via---set on an RHPDS demo environment of OpenShift 4.12
Some pods start running properly but most don't:

All have the same error:

sqlalchemy.exc.OperationalError: (psycopg2.OperationalError) connection to server at "airflow-postgresql.airflow" (172.30.137.62), port 5432 failed: Connection refused
Is the server running on that host and accepting TCP/IP connections?

[codekow]

This is an issue with the stateful set airflow-postgresql

create Pod airflow-postgresql-0 in StatefulSet airflow-postgresql failed error: pods "airflow-postgresql-0" is forbidden: unable to validate against any security context constraint: [provider "anyuid": Forbidden: not usable by user or serviceaccount, provider "pipelines-scc": Forbidden: not usable by user or serviceaccount, provider restricted-v2: .spec.securityContext.fsGroup: Invalid value: []int64{1001}: 1001 is not an allowed group, spec.containers[0].securityContext.runAsUser: Invalid value: 1001: must be in the ranges: [1000820000, 1000829999], provider restricted: .spec.securityContext.fsGroup: Invalid value: []int64{1001}: 1001 is not an allowed group, provider "nonroot-v2": Forbidden: not usable by user or serviceaccount, provider "nonroot": Forbidden: not usable by user or serviceaccount, provider "hostmount-anyuid":

[shalberd]

I made it running with input from the airflow helm charts maintainer, taking into account securitycontextconstraints, group and user ids and so on. I have a working delta of the values.yaml, just have not found time to submit a PR here yet.
The list of values in the documentation here is incomplete so far, will submit a PR soon. I highly recommend not using the mucked up postgres image that comes with the helm charts.

Working together with @thesuperzapper helped a lot airflow-helm/charts#578 (comment)

[shalberd]

Ok, here we go.

Airflow-scheduler has the git-sync in it, I believe. I am using that mechanism, working fine.

Here are my deltas to the default values.yaml, my working values of values.yaml on the left.

I prefer using the yaml approach over command-line passing of vars, especially due to weird bugs with special characters and all that.

Do make sure you replace the gid or uid values or runAsUser with the correct namespace-level value of GID and / or UID.
In my case, from the airflow namespace range, GID and UID were equal, makes sense, as Openshift standard.

# get project e.g. airflow, newly-created
PROJECT=$(oc project -q)

# get openshift uid/gid range
CHART_UID=$(oc get project ${PROJECT} -o jsonpath="{['metadata.annotations.openshift\.io/sa\.scc\.uid-range']}" | sed "s@/.*@@")
CHART_GID=$(oc get project ${PROJECT} -o jsonpath="{['metadata.annotations.openshift\.io/sa\.scc\.supplemental-groups']}" | sed "s@/.*@@")

#use this value in the sections of values.yaml

echo $CHART_UID

@codekow @RHRolun I used postgres crunchy operator instead of the standard postgres container coming with the helm charts, don't get too hung up on that, I believe you get the idea. I didn't see any way to make that mucked up postgres image work on openshift, so I'd say just use Crunchy Postgres via OLM. I mean, even in the charts, it says not recommended for serious use or so (the included postgres) :-) so ... postgressql.enabled false

Context should be clear from the screenshots. I used airflow 2.5.3

helm upgrade --install airflow apache-airflow/airflow --namespace ${PROJECT} -f values_sven.yaml

[codekow]

Issue addressed in PR #9