Symptoms
The installation of the IBM Operator for Apache Flink instance is unsuccessful, and the instance reports a Failed status.
-
The
conditionsfield under status contains the following error message:install failed: deployment flink-kubernetes-operator not ready before timeout: deployment "flink-kubernetes-operator" exceeded its progress deadline -
The pod fails with
Init:CreateContainerConfigErrorerror and the status of theinitContainercontains the following error message under themessagefield:container has runAsNonRoot and image has non-numeric user (flink), cannot verify user is non-root (pod: "flink-kubernetes-operator-dbd5764db-2zlsd_default(dca6e122-4296-44f0-b66b-8ede4307493c)", container: import-cert)
Causes
IBM Operator for Apache Flink has been tested with the default restricted-v2 Security Context Constraint (SCC) provided by the OpenShift Container Platform.
If a user or any other operator applies a custom SCC that removes permissions required by IBM Operator for Apache Flink, then this will cause issues.
Resolving the problem
Apply the custom Security Context Constraint (SCC) provided by IBM Event Automation to enable permissions required by the product.
To do this, edit the event-automation-scc.yaml file to add your namespace and apply it using oc tool as follows:
-
Edit the
event-automation-scc.yamland add the namespace where your IBM Operator for Apache Flink instance is installed. -
Log in to your Red Hat OpenShift Container Platform as a cluster administrator by using the
ocCLI (oc login). -
Run the following command to apply the SCC:
oc apply -f <custom_scc_file_path>For example:
oc apply -f event-automation-scc.yaml