search cancel

VIp Authentication Hub installation on OpenShift fsGroup query

book

Article ID: 255633

calendar_today

Updated On:

Products

VIP Authentication Hub

Issue/Introduction

Why I have to fix the fsGroup in the apps that deploy in the OpenShift? by default in OpenShift this user is random.

For example in this parameters in the installation:

-set ssp.db.sslMode=REQUIRED --set ssp.global.securityContext.fsGroup=$((SSP_FSGROUP)) --set ssp.global.securityContext.runAsGroup=$((SSP_GID)) --set ssp.global.securityContext.runAsUser=$((SSP_UID))

Environment

Release : Oct.01

Platform : OpenShift

Resolution

In non-OS clusters we needed to use a fixed fsGroup to allow proper access to volumes. In OS (in the restricted scc) , the value of the fsGroup is determined by the value specified in the namespace. In order to maintain a canonical deployment approach, we set the fsGroup value to the required value.

We will explore the option of removing (un-setting) this value of fsGroup completely for OS in future.