-
Notifications
You must be signed in to change notification settings - Fork 949
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OpenShift Installation #985
Comments
Hello, Tried with: kubernetes_use_configmaps: "true" All outputs are the same with @steveyang95 Also I tried to start cluster in privileged mode w/o kubernetes_use_configmaps, but got this error.
So, could you please test your installation in Openshift 4.4.3 and give a feedback. Many thanks, |
Maybe @ReSearchITEng, you can opt in here as our OpenShift user. I think, you can not simply take the Spilo image as is, but must make sure it runs in rootless mode. |
Hey team, Do you have any updates here? |
@steveyang95 and @yaroslavkasatikov can you check if the solution described here helps? Setting the On the other hands, as per docs this param is also not required for OpenShift. Maybe you can choose a previous Spilo release with the v1.5.0 operator? Then we can better tell, where the incompatibility is coming from. |
I would look into privileges of the pod, seems Patroni (within the Postgres pod) is not allowed to do leader election. So you may lack pod privileges to update/write config maps which are used on open shift for election. |
@yaroslavkasatikov on openshift you have to set kubernetes_use_configmaps. When using endpoints Patroni is trying to update subsets with the IP address of the pod which is running as primary, and on OpenShift it is not allowed :( |
@steveyang95 and @yaroslavkasatikov can you try to extend the cluster role used by the Pods and hence Patroni to be able to read and update ConfigMaps? I guess, simply replacing endpoints here with configmaps should be fine. Can you try? |
@steveyang95 @yaroslavkasatikov Please set DEBUG messages, so we'll get better understanding what resource is OCP rejecting. More on OCP 4.3 we use:
When you install the cluster, make sure you comment out:
As the OCP SCC will allocate dynamically user/group, and newer spilo images know how to dynamically chown to that at startup. |
Yes, OCP 4.4 (based on k8s 1.17), cluster pods (spilo) gives errors:
<grants, etc all ok>
DB looks up (psql command in the pod workds), but, cluster is in "SyncFailed" status. |
Solution:
on top of existing:
on top of existing.
|
I think you also need
|
Related: #1327 |
shouldn't the operator provide whatever RBAC permissions needed, else it becomes a bit hackish and not so automated. |
Even when kubernetes_use_configmaps is set the operator stills tries to create endpoints which are not allowed on OpenShift. Probably related to this PR: Can somebody of the maintainers have a look at this PR? Thx! The only way I'm able to install the operator on OpenShift is to use an older version 1.6.3 and unset kubernetes_use_configmaps for the deployment to fail and add endpoint/restricted to postgres-pod cluster-role. resources:
endpoint/restricted can not be there from the start. This trick doesn't seem to work with the latest version (1.7.x) or the main branch. If somebody else is able to install the operator on OpenShift please share your config. Thx! |
Hi!
Is there any formal documentation or directions that people can write up to get setup on OpenShift?
I have followed the following without much luck:
#852 (comment)
I am running on OpenShift 4.4 and my OpenShift cluster creation logs says: API v1.17.1 up
Error
I have also set
kubernetes_use_configmaps: "true"
.These are the commands that I run:
My configmap.yaml:
I have also tried the following and got same ApiException()
The text was updated successfully, but these errors were encountered: