This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

OpenShift Dynakube operator cloud-native full-stack: init container ko: runAsNonRoot: Invalid value: false: must be true

gilles_tabary
Mentor

‎21 Aug 2025 10:38 AM - edited ‎21 Aug 2025 10:49 AM

Hello.

On an OpenShift cluster v4.18.13 (K8S v1.31.8)
+ Certified Dynatrace Operator Dynakube 1.6.1 / cloud-native full-stack
+ Managed 1.320.66 + AG 1.319.21 + OA 1.319.55

we are trying to instanciate <docker.registry>/opensearchproject/opensearch-dashboards:2.17.1 .

It fails to start with runAsUser & runAsNonRoot issues like "runAsNonRoot: Invalid value: false: must be true" :

message: 'pods "hgw-opensearch-dashboards-68f76b89d7-" is forbidden: unable to validate against any security context constraint: [provider "anyuid": Forbidden: not usable by user or serviceaccount, provider "trident-controller": Forbidden: not usable by user or serviceaccount, provider restricted-v2: .containers[0].runAsUser: Invalid value: 1000: must be in the ranges: [1001100000, 1001109999], provider "restricted": Forbidden: not usable by user or serviceaccount, provider nonroot-v2: .initContainers[0].runAsNonRoot: Invalid value: false: must be true, provider "nonroot": Forbidden: not usable by user or serviceaccount, provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount, provider "logging-scc": Forbidden: not usable by user or serviceaccount, provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount, provider "hostnetwork-v2": Forbidden: not usable by user or serviceaccount, provider "hostnetwork": Forbidden: not usable by user or serviceaccount, provider "hostaccess": Forbidden: not usable by user or serviceaccount, provider "trident-node-linux": Forbidden: not usable by user or serviceaccount, provider "node-exporter": Forbidden: not usable by user or serviceaccount, provider "xdr-agent-scc-cortex-xdr": Forbidden: not usable by user or serviceaccount, provider "privileged": Forbidden: not usable by user or serviceaccount]'

We are concerned this may hapen with other applications. 

  • hack : deactivate pod dynatrace full-stack app monitoring injection, then it starts
  • works fine with scc restricted-v2
  • KO with scc nonroot-v2 because of runAsNonRoot value is "false" 

Any one reproduced this ? Any fix ?

Regards.

Reply
5 REPLIES 5

PacoPorro
Dynatrace Leader
Dynatrace Leader

‎21 Aug 2025 10:44 AM - edited ‎21 Aug 2025 10:47 AM

Can you provide the output from 

oc get scc dynatrace-webhook


Looks to me the opensearch dashboards have their own SCC. 
Please check https://docs.dynatrace.com/docs/shortlink/openshift-configuration#code-module-injection-for-applicat...

0 Kudos
Reply

gilles_tabary
Mentor
In response to PacoPorro

‎21 Aug 2025 10:53 AM

FYI

  • works fine with scc restricted-v2
  • KO with scc nonroot-v2 because of runAsNonRoot value is "false" 
0 Kudos
Reply

gilles_tabary
Mentor
In response to PacoPorro

‎21 Aug 2025 11:50 AM

Is what you are after : 

oc get deployment hgw-opensearch-dashboards -o yaml | grep scc:
    openshift.io/scc: nonroot-v2

oc get pod/dynatrace-webhook-1111857d9c-11111 -o yaml | grep scc:
    openshift.io/scc: nonroot-v2

Checking your link thanks.

0 Kudos
Reply

PacoPorro
Dynatrace Leader
Dynatrace Leader
In response to gilles_tabary

‎21 Aug 2025 01:09 PM

0 Kudos
Reply

gilles_tabary
Mentor
In response to PacoPorro

‎21 Aug 2025 01:43 PM

Thanks for input.

https://docs.dynatrace.com/docs/shortlink/installation-openshift-operatorhub#limitations says : from OperatorHub (our option) : Application observability cannot be installed with CSI driver.

Also , I fail to see why csi in involved in the question.

0 Kudos
Reply
Ask a question

Featured Posts