-
Notifications
You must be signed in to change notification settings - Fork 701
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Kubeapps container fails with nginx error #1042
Comments
hi @LP0101, That is due to an update in the Nginx container. We have updated it to a new major version (1.6). This version ensures that if the container is run as |
We don't have any policies in place that affect user switching. However, if I deploy the bitnami/nginx image manually, Update: |
I got it deployed by setting the following values:
Not sure what caused the issue, but for now this fixed it |
mm, that's weird. Let me ask the team maintaining the image to check if something changes. I am using |
Running This is getting really weird now, though. Running the images with both the I've attached the logs below so you can see this behavious for yourself. I'm really at a loss about how to explain it. |
I was unable to reproduce the issue:
The error you're facing is due to the validation below: https://github.com/bitnami/bitnami-docker-nginx/blob/master/1.16/debian-9/rootfs/libnginx.sh#L160 When running the container as 'root', you need to provide the Nginx user/daemon using the env. variables NGINX_DAEMON_USER/NGINX_DAEMON_GROUP By default this container runs as a non-root user, see https://github.com/bitnami/bitnami-docker-nginx/blob/master/1.16/debian-9/Dockerfile#L32
|
We don't have any sort of policy in the cluster that prevents running as non-root user, as we have several docker images which also switch user, just as the nginx one does. Again, just to reiterate, the same image works as expected when running with the latest tag, but not when running with the 1.16.0-r28 tag. By which I mean, the user is properly being switched. Running that last command, this is the output I get:
Update: |
Does that mean that it works for you if you set the env var Another thing that you can try, when installing the kubeapps chart is to set the values |
Nope, I can deploy the r-29 image without any env vars being set. Just works out of the box as expected.
Ran this with the vanilla chart, so pulling the hardcoded images in the original values.yaml. Still results in the same error with the nginx container starting as root. |
So do we just need to update the chart to point to |
Was this a regression added in r28? What changed in r29 that makes it work now? |
There is no public change in the Maybe @juan131 can clarify if something changed in the image or in the base image that could affect that? |
I don't see any relevant change on the latest revisions @andresmgot |
@LP0101 can you confirm if the issue is still present? |
We've been wracking our brains about this for the past week, but recently stumbled upon this: kubernetes/kubernetes#78308 Turns out it wasn't an issue with kubeapps at all, but a general problem with Kubernetes, which explains the weird behaviour when using different tags. Closing this issue. |
oh wow, great find @LP0101 - thanks for the update! |
Thanks for the findings. I came across the same issue after deploying the latest bitnami/nginx chart successfully using Kubeapps. My env is minikube 1.1.0 (Kubernetes v1.14.2) which has the bug kubernetes/kubernetes#78308. minikube 1.2.0 (Kubernetes v1.15.0) should work. |
When deploying Kubeapps, I get the following nginx error:
I'm using the latest version of the chart. This error happens no matter how I try to deploy it, even with vanilla configuration.
the kubeapps-internal-dashboard pods have the same error
Edit: I tried deploying version 1.3 of the chart, I'm getting the same issue. We weren't having this issue a week ago when it was last deployed, so I have no idea what could have changed.
The text was updated successfully, but these errors were encountered: