
Unable to deploy the MongoDB Community Operator in OpenShift


I am trying to deploy the MongoDB Community Operator in OpenShift 3.11 using the following commands:

git clone https://github.com/mongodb/mongodb-kubernetes-operator.git
cd mongodb-kubernetes-operator 
oc new-project mongodb
oc create -f deploy/crds/mongodb.com_mongodb_crd.yaml -n mongodb
oc create -f deploy/operator/role.yaml -n mongodb
oc create -f deploy/operator/role_binding.yaml -n mongodb
oc create -f deploy/operator/service_account.yaml -n mongodb 
oc apply -f deploy/openshift/operator_openshift.yaml -n mongodb
oc apply -f deploy/crds/mongodb.com_v1_mongodb_openshift_cr.yaml -n mongodb

The operator pod runs successfully, but the MongoDB replica set pods do not come up. The error is as follows:

[kubenode@master mongodb-kubernetes-operator]$ oc get pods
NAME                                           READY     STATUS             RESTARTS   AGE
example-openshift-mongodb-0                    1/2       CrashLoopBackOff   4          2m
mongodb-kubernetes-operator-66bfcbcf44-9xvj7   1/1       Running            0          2m

[kubenode@master mongodb-kubernetes-operator]$ oc logs -f example-openshift-mongodb-0 -c  mongodb-agent
panic: Failed to get current user: user: unknown userid 1000510000

goroutine 1 [running]:
com.tengen/cm/util.init.3()
        /data/mci/2f46ec94982c5440960d2b2bf2b6ae15/mms-automation/build/go-dependencies/src/com.tengen/cm/util/user.go:14 +0xe5

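I have gone through all the issues about this problem in https://github.com/mongodb/mongodb-kubernetes-operator, and I believe setting the environment variable MANAGED_SECURITY_CONTEXT to true in the operator, mongodb and mongodb-agent containers is the solution. I did this for all three containers but still face the same problem. Reference: https://github.com/mongodb/mongodb-kubernetes-operator/issues/58

Here is confirmation that the environment variables are set correctly: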

[kubenode@master mongodb-kubernetes-operator]$ oc set env statefulset.apps/example-openshift-mongodb --list
# statefulsets/example-openshift-mongodb,container mongodb-agent
AGENT_STATUS_FILEPATH=/var/log/mongodb-mms-automation/healthstatus/agent-health-status.json
AUTOMATION_CONFIG_MAP=example-openshift-mongodb-config
HEADLESS_AGENT=true
MANAGED_SECURITY_CONTEXT=true
# POD_NAMESPACE from field path metadata.namespace
# statefulsets/example-openshift-mongodb,container mongod
AGENT_STATUS_FILEPATH=/healthstatus/agent-health-status.json
MANAGED_SECURITY_CONTEXT=true


[kubenode@master mongodb-kubernetes-operator]$ oc set env deployment.apps/mongodb-kubernetes-operator --list
# deployments/mongodb-kubernetes-operator,container mongodb-kubernetes-operator
# WATCH_NAMESPACE from field path metadata.namespace
# POD_NAME from field path metadata.name
MANAGED_SECURITY_CONTEXT=true
OPERATOR_NAME=mongodb-kubernetes-operator
AGENT_IMAGE=quay.io/mongodb/mongodb-agent:10.19.0.6562-1
VERSION_UPGRADE_HOOK_IMAGE=quay.io/mongodb/mongodb-kubernetes-operator-version-upgrade-post-start-hook:1.0.2

Operator information

  • Operator version: 0.3.0
  • MongoDB image used: 4.2.6

Cluster information

[kubenode@master mongodb-kubernetes-operator]$ openshift version
openshift v3.11.0+62803d0-1

[kubenode@master mongodb-kubernetes-operator]$ kubectl version
Client Version: version.Info{Major:"1",Minor:"11+",GitVersion:"v1.11.0+d4cacc0",GitCommit:"d4cacc0",GitTreeState:"clean",BuildDate:"2018-10-15T09:45:30Z",GoVersion:"go1.10.2",Compiler:"gc",Platform:"linux/amd64"}
Server Version: version.Info{Major:"1",BuildDate:"2020-12-07T17:59:40Z",GoVersion:"go1.10.8",Platform:"linux/amd64"}

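Update:

When I inspect the replica pod YAML, I see three instances of the runAsUser security context set to 1000510000, even though I did not set it manually, and I do not know how it is being set.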

[kubenode@master mongodb-kubernetes-operator]$ oc get -o yaml pod example-openshift-mongodb-0
apiVersion: v1
kind: Pod
metadata:
  annotations:
    openshift.io/scc: restricted
  creationTimestamp: 2021-01-19T07:45:05Z
  generateName: example-openshift-mongodb-
  labels:
    app: example-openshift-mongodb-svc
    controller-revision-hash: example-openshift-mongodb-6549495b
    statefulset.kubernetes.io/pod-name: example-openshift-mongodb-0
  name: example-openshift-mongodb-0
  namespace: mongodb
  ownerReferences:
  - apiVersion: apps/v1
    blockOwnerDeletion: true
    controller: true
    kind: StatefulSet
    name: example-openshift-mongodb
    uid: 3e91eb40-5a2a-11eb-a5e0-0050569b1f59
  resourceVersion: "15616863"
  selfLink: /api/v1/namespaces/mongodb/pods/example-openshift-mongodb-0
  uid: 3ea17a28-5a2a-11eb-a5e0-0050569b1f59
spec:
  containers:
  - command:
    - agent/mongodb-agent
    - -cluster=/var/lib/automation/config/cluster-config.json
    - -skipMongoStart
    - -noDaemonize
    - -healthCheckFilePath=/var/log/mongodb-mms-automation/healthstatus/agent-health-status.json
    - -serveStatusPort=5000
    - -useLocalMongoDbTools
    env:
    - name: AGENT_STATUS_FILEPATH
      value: /var/log/mongodb-mms-automation/healthstatus/agent-health-status.json
    - name: AUTOMATION_CONFIG_MAP
      value: example-openshift-mongodb-config
    - name: HEADLESS_AGENT
      value: "true"
    - name: MANAGED_SECURITY_CONTEXT
      value: "true"
    - name: POD_NAMESPACE
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: metadata.namespace
    image: quay.io/mongodb/mongodb-agent:10.19.0.6562-1
    imagePullPolicy: Always
    name: mongodb-agent
    readinessProbe:
      exec:
        command:
        - /var/lib/mongodb-mms-automation/probes/readinessprobe
      failureThreshold: 60
      initialDelaySeconds: 5
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 1
    resources: {}
    securityContext:
      capabilities:
        drop:
        - KILL
        - MKNOD
        - SETGID
        - SETUID
      runAsUser: 1000510000
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/lib/automation/config
      name: automation-config
      readOnly: true
    - mountPath: /data
      name: data-volume
    - mountPath: /var/lib/mongodb-mms-automation/authentication
      name: example-openshift-mongodb-agent-scram-credentials
    - mountPath: /var/log/mongodb-mms-automation/healthstatus
      name: healthstatus
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: mongodb-kubernetes-operator-token-lr9l4
      readOnly: true
  - command:
    - /bin/sh
    - -c
    - |2

      # run post-start hook to handle version changes
      /hooks/version-upgrade

      # wait for config to be created by the agent
      while [ ! -f /data/automation-mongod.conf ]; do sleep 3 ; done ; sleep 2 ;

      # start mongod with this configuration
      exec mongod -f /data/automation-mongod.conf ;
    env:
    - name: AGENT_STATUS_FILEPATH
      value: /healthstatus/agent-health-status.json
    - name: MANAGED_SECURITY_CONTEXT
      value: "true"
    image: mongo:4.2.6
    imagePullPolicy: IfNotPresent
    name: mongod
    resources: {}
    securityContext:
      capabilities:
        drop:
        - KILL
        - MKNOD
        - SETGID
        - SETUID
      runAsUser: 1000510000
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /data
      name: data-volume
    - mountPath: /var/lib/mongodb-mms-automation/authentication
      name: example-openshift-mongodb-agent-scram-credentials
    - mountPath: /healthstatus
      name: healthstatus
    - mountPath: /hooks
      name: hooks
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: mongodb-kubernetes-operator-token-lr9l4
      readOnly: true
  dnsPolicy: ClusterFirst
  hostname: example-openshift-mongodb-0
  imagePullSecrets:
  - name: mongodb-kubernetes-operator-dockercfg-jhplw
  initContainers:
  - command:
    - cp
    - version-upgrade-hook
    - /hooks/version-upgrade
    image: quay.io/mongodb/mongodb-kubernetes-operator-version-upgrade-post-start-hook:1.0.2
    imagePullPolicy: Always
    name: mongod-posthook
    resources: {}
    securityContext:
      capabilities:
        drop:
        - KILL
        - MKNOD
        - SETGID
        - SETUID
      runAsUser: 1000510000
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /hooks
      name: hooks
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: mongodb-kubernetes-operator-token-lr9l4
      readOnly: true
  nodeName: node1.192.168.27.116.nip.io
  nodeSelector:
    node-role.kubernetes.io/compute: "true"
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext:
    fsGroup: 1000510000
    seLinuxOptions:
      level: s0:c23,c2
  serviceAccount: mongodb-kubernetes-operator
  serviceAccountName: mongodb-kubernetes-operator
  subdomain: example-openshift-mongodb-svc
  terminationGracePeriodSeconds: 30
  volumes:
  - name: data-volume
    persistentVolumeClaim:
      claimName: data-volume-example-openshift-mongodb-0
  - name: automation-config
    secret:
      defaultMode: 416
      secretName: example-openshift-mongodb-config
  - name: example-openshift-mongodb-agent-scram-credentials
    secret:
      defaultMode: 384
      secretName: example-openshift-mongodb-agent-scram-credentials
  - emptyDir: {}
    name: healthstatus
  - emptyDir: {}
    name: hooks
  - name: mongodb-kubernetes-operator-token-lr9l4
    secret:
      defaultMode: 420
      secretName: mongodb-kubernetes-operator-token-lr9l4
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: 2021-01-19T07:46:45Z
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: 2021-01-19T07:46:39Z
    message: 'containers with unready status: [mongodb-agent]'
    reason: ContainersNotReady
    status: "False"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: null
    message: 'containers with unready status: [mongodb-agent]'
    reason: ContainersNotReady
    status: "False"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: 2021-01-19T07:45:05Z
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: docker://bd3ede9178bb78267bc19d1b5da0915d3bcd1d4dcee3e142c7583424bd2aa777
    image: docker.io/mongo:4.2.6
    imageID: docker-pullable://docker.io/mongo@sha256:c880f6b56f443bb4d01baa759883228cd84fa8d78fa1a36001d1c0a0712b5a07
    lastState: {}
    name: mongod
    ready: true
    restartCount: 0
    state:
      running:
        startedAt: 2021-01-19T07:46:55Z
  - containerID: docker://5e39c0b6269b8231bbf9cabb4ff3457d9f91e878eff23953e318a9475fb8a90e
    image: quay.io/mongodb/mongodb-agent:10.19.0.6562-1
    imageID: docker-pullable://quay.io/mongodb/mongodb-agent@sha256:790c2670ef7cefd61cfaabaf739de16dbd2e07dc3b539add0da21ab7d5ac7626
    lastState:
      terminated:
        containerID: docker://5e39c0b6269b8231bbf9cabb4ff3457d9f91e878eff23953e318a9475fb8a90e
        exitCode: 2
        finishedAt: 2021-01-19T19:39:58Z
        reason: Error
        startedAt: 2021-01-19T19:39:58Z
    name: mongodb-agent
    ready: false
    restartCount: 144
    state:
      waiting:
        message: Back-off 5m0s restarting Failed container=mongodb-agent pod=example-openshift-mongodb-0_mongodb(3ea17a28-5a2a-11eb-a5e0-0050569b1f59)
        reason: CrashLoopBackOff
  hostIP: 192.168.27.116
  initContainerStatuses:
  - containerID: docker://7c31cef2a68e3e6100c2cc9c83e3780313f1e8ab43bebca79ad4d48613f124bd
    image: quay.io/mongodb/mongodb-kubernetes-operator-version-upgrade-post-start-hook:1.0.2
    imageID: docker-pullable://quay.io/mongodb/mongodb-kubernetes-operator-version-upgrade-post-start-hook@sha256:e99105b1c54e12913ddaf470af8025111a6e6e4c8917fc61be71d1bc0328e7d7
    lastState: {}
    name: mongod-posthook
    ready: true
    restartCount: 0
    state:
      terminated:
        containerID: docker://7c31cef2a68e3e6100c2cc9c83e3780313f1e8ab43bebca79ad4d48613f124bd
        exitCode: 0
        finishedAt: 2021-01-19T07:46:45Z
        reason: Completed
        startedAt: 2021-01-19T07:46:44Z
  phase: Running
  podIP: 10.129.0.119
  qosClass: BestEffort
  startTime: 2021-01-19T07:46:39Z
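
An added example, not part of the original post or the operator project: under the `restricted` SCC, OpenShift admission fills in `runAsUser` from the project's `openshift.io/sa.scc.uid-range` annotation when the pod spec sets none, and a process that resolves its own UID through `/etc/passwd` then fails if the image has no entry for it. The script below audits a pod for both conditions; the `UID_RANGE` value and the `PASSWD` contents are assumptions constructed for the example, and the pod JSON is trimmed from the output shown above.

```python
import json

# Constructed sample: fields trimmed from the pod above, shaped like `oc get pod -o json`.
POD = json.loads("""
{"metadata": {"annotations": {"openshift.io/scc": "restricted"}},
 "spec": {"securityContext": {"fsGroup": 1000510000},
  "initContainers": [{"name": "mongod-posthook", "securityContext": {"runAsUser": 1000510000}}],
  "containers": [{"name": "mongodb-agent", "securityContext": {"runAsUser": 1000510000}},
                 {"name": "mongod", "securityContext": {"runAsUser": 1000510000}}]}}
""")
# Assumed value of the project's openshift.io/sa.scc.uid-range annotation ("<start>/<size>").
UID_RANGE = "1000510000/10000"
# Constructed /etc/passwd of a container image; the real images' contents are not on the page.
PASSWD = "root:x:0:0:root:/root:/bin/bash\nmongodb:x:2000:2000::/data:/bin/bash\n"


def parse_uid_range(annotation):
    """Turn '<start>/<size>' into the range of UIDs the project may run as."""
    start, size = (int(part) for part in annotation.split("/"))
    return range(start, start + size)


def passwd_uids(text):
    """Collect the numeric UIDs (third field) that have a passwd entry."""
    uids = set()
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            uids.add(int(fields[2]))
    return uids


def audit(pod, uid_range_annotation, passwd_text):
    """Report, per container, where its UID comes from and whether it is resolvable."""
    allowed = parse_uid_range(uid_range_annotation)
    known = passwd_uids(passwd_text)
    scc = pod["metadata"].get("annotations", {}).get("openshift.io/scc")
    spec = pod["spec"]
    findings = []
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        uid = c.get("securityContext", {}).get("runAsUser")
        findings.append({
            "container": c["name"], "scc": scc, "uid": uid,
            "from_project_range": uid is not None and uid in allowed,
            "has_passwd_entry": uid in known,
        })
    return findings


if __name__ == "__main__":
    for finding in audit(POD, UID_RANGE, PASSWD):
        print(finding)
```

On a live cluster the pod input comes from `oc get pod <name> -o json`, and the range is read from the annotations on the project.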
