Troubleshoot deployments to OpenShift clusters
If you run into issues during the installation of MOSTLY AI, you can review the listed errors below and see if they match your issue. Each issue includes a description of the problem and solution that shows how to overcome or workaround the issue.
Error: would violate PodSecurity allowPrivilegeEscalation
The installation error would violate PodSecurity allowPrivilegeEscalation
might indicate misconfigurations in the values.yaml
file.
Problem
When you run the helm
command to install MOSTLY AI on an OpenShift cluster, you might see the installation error similar to the one below.
W0714 14:04:39.656905 47432 warnings.go:70] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "mostly-rabbitmq" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "mostly-rabbitmq" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "mostly-rabbitmq" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "mostly-rabbitmq" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
W0714 14:04:39.711306 47432 warnings.go:70] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "mostly-psql" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "mostly-psql" must set securityContext.capabilities.drop=["ALL"])
Solution
- Verify that you have the correct storageClassName defined for the
CORDINATOR: pvc: storageClassName
key. To check your OpenShift storageClassNames, open your OpenShift console, and navigate to Storage > StorageClasses. The name defined forCORDINATOR: pvc: storageClassName
must match one of the entires. - Verify that you the
platform
key is set toocp
and notk8s
.values.yamlplatform: k8s # incorrect platform: ocp # correct
Error: UPGRADE FAILED: failed to create resource: Secret in version "v1" cannot be handled as a Secret
The error UPGRADE FAILED: failed to create resource: Secret in version "v1" cannot be handled as a Secret
might indicate an incorrect or missing secret key in the docker_secret
key in the values.yaml
file.
Problem
When you run the helm
command to deploy MOSTLY AI in an OpenShift cluster, you might see the deployment error similar to the one below.
UPGRADE FAILED: failed to create resource: Secret in version "v1" cannot be handled as a Secret: illegal base64 data at input byte 6
Make sure that you have set the Docker pull image secret in docker_secret
.
Solution
- Double-check that you have the correct secret key in
docker_secret
. - Make sure that the secret key value is not wrapped in quotation marks.
If the suggestions above do not help to resolve the issue, contact your Customer Success Engineer.
Error: UPGRADE FAILED: cannot patch "mostly-data" with kind PersistentVolumeClaim
The error UPGRADE FAILED: cannot patch "mostly-data" with kind PersistentVolumeClaim
might indicate intermittent installation issues.
Problem
When you run the helm
command to deploy MOSTLY AI in an OpenShift cluster, you might see an installation error similar to the one below.
Error: UPGRADE FAILED: cannot patch "mostly-data" with kind PersistentVolumeClaim: PersistentVolumeClaim "mostly-data" is invalid: spec: Forbidden: spec is immutable after creation except resources.requests for bound claims
core.PersistentVolumeClaimSpec{
... // 2 identical fields
Resources: {Requests: {s"storage": {i: {...}, s: "50Gi", Format: "BinarySI"}}},
VolumeName: "",
- StorageClassName: &"efs-sc",
+ StorageClassName: &"efs",
VolumeMode: &"Filesystem",
DataSource: nil,
DataSourceRef: nil,
}
Solution
You can work around the issue above by removing the mostly-ai
project from your OpenShift cluster, recreating it, and running the installation again.
Steps
- Delete the the
mostly-ai
project from your OpenShift cluster.oc delete namespace mostly-ai
- Create the
mostly-ai
project again.oc new-project mostly-ai
- Run the installation again with the
helm
command.helm upgrade --install mostly-ai ./ --values values.yaml --namespace mostly-ai