Skip to content

Fix Milvus installation in OpenShift#366

Merged
shivamerla merged 1 commit intoNVIDIA:mainfrom
shengnuo:milvus-openshift
Mar 13, 2025
Merged

Fix Milvus installation in OpenShift#366
shivamerla merged 1 commit intoNVIDIA:mainfrom
shengnuo:milvus-openshift

Conversation

@shengnuo
Copy link
Copy Markdown
Collaborator

@shengnuo shengnuo commented Mar 11, 2025

Milvus is crashing when it's installed in a custom namespace OpenShift with the following error message
2025/02/27 07:46:13 write failed: open /milvus/configs/milvus.yaml: permission denied

This stems from the restricted-v2 SCC in OpenShift.
By default, OpenShift uses the most restricted SCC restricted-v2 for service accounts in nemo namespace. When such SCC is applied, the following securityContext is added to the Milvus container.

securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsNonRoot: true
runAsUser: 1000790000

This makes the main container unable to read the /milvus/configs/milvus.yaml file created by the init container.

This MR fixes the issue by creating a dedicated service account for Milvus, and assigning the SCC anyuid to the service account.

@copy-pr-bot
Copy link
Copy Markdown

copy-pr-bot Bot commented Mar 11, 2025

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

@shengnuo
Fix Milvus installation in OpenShift
04875c6 
Signed-off-by: Sheng Lin <shelin@nvidia.com>
shivamerla
shivamerla approved these changes Mar 13, 2025
View reviewed changes
Copy link
Copy Markdown
Collaborator

@shivamerla shivamerla left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@shivamerla shivamerla merged commit 2bc8040 into NVIDIA:main Mar 13, 2025
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@shivamerla shivamerla shivamerla approved these changes

@ArangoGutierrez ArangoGutierrez Awaiting requested review from ArangoGutierrez

@slu2011 slu2011 Awaiting requested review from slu2011

@visheshtanksale visheshtanksale Awaiting requested review from visheshtanksale visheshtanksale is a code owner

@varunrsekar varunrsekar Awaiting requested review from varunrsekar varunrsekar is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@shengnuo @shivamerla