This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Missing entries in security context constraint template when installing Kubernetes Agent in OpenShift

Kubernetes' command-line tool is kubectl, while OphenShift uses oc, a typically compatible variant. To support non-OpenShift clusters, the FlexNet Manager for Engineering Applications’ installation script (install.sh) uses kubectl instead of oc. If you’re using oc, the installation script's incompatibility with oc command will cause the security context constraint template to be missing the following entries.

  • allowHostDirVolumePlugin: true
  • allowHostIPC: true
  • allowHostNetwork: true
  • allowHostPID: true
  • allowHostPorts: true
  • readOnlyRootFilesystem: true

This will result in errors when the SecurityContextConstraints are applied to the cluster:

error: error validating "STDIN": error validating data: [ValidationError(SecurityContextConstraints): missing required field "allowHostDirVolumePlugin" in io.openshift.security.v1.SecurityContextConstraints, ValidationError(SecurityContextConstraints): missing required field "allowHostIPC" in io.openshift.security.v1.SecurityContextConstraints, ValidationError(SecurityContextConstraints): missing required field "allowHostNetwork" in io.openshift.security.v1.SecurityContextConstraints, ValidationError(SecurityContextConstraints): missing required field "allowHostPID" in io.openshift.security.v1.SecurityContextConstraints, ValidationError(SecurityContextConstraints): missing required field "allowHostPorts" in io.openshift.security.v1.SecurityContextConstraints, ValidationError(SecurityContextConstraints): missing required field "readOnlyRootFilesystem" in io.openshift.security.v1.SecurityContextConstraints]; if you choose to ignore these errors, turn validation off with --validate=false

Workarounds

There are two workarounds for the issue.

  • Apply the SecurityContextConstraints to the cluster manually using oc:
    cd flexera-kubernetes-agents-{version}/krm-{version}/
    oc apply -f config/openshift/securitycontextconstraints.yaml

Or

  • Instruct the installation script to use oc in place of kubectl:
    cd flexera-kubernetes-agents-{version}/krm-{version}/
    KUBECTL=oc ./install.sh [options]

 

‎Jan 06, 2023 10:45 AM

Was this article helpful? Yes No
No ratings
Version history
Last update:
‎Jan 06, 2023 10:40 AM
Updated by:
Community Manager Community Manager