OpenShift setup for Camunda 8

We are trying to set up Camunda 8 in OpenShift but are not able to configure Postgres, Elasticsearch and Keycloak.
Tried the default options where security context is null as well. Getting the below error:

create Pod camunda-platform-elasticsearch-master-0 in StatefulSet camunda-platform-elasticsearch-master failed error: pods “camunda-platform-elasticsearch-master-0” is forbidden: unable to validate against any security context constraint: [provider “trident-controller”: Forbidden: not usable by user or serviceaccount, provider “restricted-runasnonroot-uid”: Forbidden: not usable by user or serviceaccount, provider “alertmanager”: Forbidden: not usable by user or serviceaccount, provider “anyuid”: Forbidden: not usable by user or serviceaccount, provider “thanos-compact”: Forbidden: not usable by user or serviceaccount, provider “thanos-ruler”: Forbidden: not usable by user or serviceaccount, provider “thanos-store-gateway”: Forbidden: not usable by user or serviceaccount, provider restricted-v2: .spec.securityContext.fsGroup: Invalid value: int64{1001}: 1001 is not an allowed group, provider restricted-v2: .containers[0].runAsUser: Invalid value: 1001: must be in the ranges: [1003470000, 1003479999], provider restricted: .spec.securityContext.fsGroup: Invalid value: int64{1001}: 1001 is not an allowed group, provider restricted: .containers[0].runAsUser: Invalid value: 1001: must be in the ranges: [1003470000, 1003479999], provider “nonroot-v2”: Forbidden: not usable by user or serviceaccount, provider “nonroot”: Forbidden: not usable by user or serviceaccount, provider “noobaa”: Forbidden: not usable by user or serviceaccount, provider “noobaa-endpoint”: Forbidden: not usable by user or serviceaccount, provider “pcap-dedicated-admins”: Forbidden: not usable by user or serviceaccount, provider “hostmount-anyuid”: Forbidden: not usable by user or serviceaccount, provider “aqua-scc”: Forbidden: not usable by user or serviceaccount, provider “machine-api-termination-handler”: Forbidden: not usable by user or serviceaccount, provider “hostnetwork-v2”: Forbidden: not usable by user or serviceaccount, provider “hostnetwork”: Forbidden: not usable by user or serviceaccount, provider “hostaccess”: Forbidden: not usable by user or serviceaccount, provider “kepler-exporter-scc”: Forbidden: not usable by user or serviceaccount, provider “splunkforwarder”: Forbidden: not usable by user or serviceaccount, provider “aqua-kube-enforcer-scc”: Forbidden: not usable by user or serviceaccount, provider “trident-node-linux”: Forbidden: not usable by user or serviceaccount, provider “fluent-bit-logging”: Forbidden: not usable by user or serviceaccount, provider “rook-ceph”: Forbidden: not usable by user or serviceaccount, provider “bprosa-node-exporter”: Forbidden: not usable by user or serviceaccount, provider “node-exporter”: Forbidden: not usable by user or serviceaccount, provider “qualys-scc”: Forbidden: not usable by user or serviceaccount, provider “rook-ceph-csi”: Forbidden: not usable by user or serviceaccount, provider “privileged”: Forbidden: not usable by user or serviceaccount]

Configuration

Can someone please help me here?

Looks like something specific to your site.

	provider restricted-v2: .spec.securityContext.fsGroup: Invalid value: int64{1001}: 1001 is not an allowed group,
	provider restricted-v2: .containers[0].runAsUser: Invalid value: 1001: must be in the ranges: [1003470000, 1003479999],
	provider restricted: .spec.securityContext.fsGroup: Invalid value: int64{1001}: 1001 is not an allowed group,
	provider restricted: .containers[0].runAsUser: Invalid value: 1001: must be in the ranges: [1003470000, 1003479999],

It looks like your OpenShift doesn’t like having a userID of 1001.
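
The triage done by hand in the reply above can be scripted. The following is an added example, not part of the original posts: it separates the SCCs the service account is not granted from the ones that were evaluated and rejected, and extracts the UID range the namespace allows. The function names and the shortened sample message are constructed for illustration.

```python
import re

# Constructed sample: a shortened copy of the admission error quoted in the thread.
SAMPLE = (
    'pods "camunda-platform-elasticsearch-master-0" is forbidden: unable to validate '
    'against any security context constraint: ['
    'provider "anyuid": Forbidden: not usable by user or serviceaccount, '
    'provider restricted-v2: .spec.securityContext.fsGroup: Invalid value: int64{1001}: '
    '1001 is not an allowed group, '
    'provider restricted-v2: .containers[0].runAsUser: Invalid value: 1001: '
    'must be in the ranges: [1003470000, 1003479999], '
    'provider "privileged": Forbidden: not usable by user or serviceaccount]'
)


def parse_scc_denial(message):
    """Return (unusable_sccs, violations) from an SCC admission error.

    unusable_sccs: SCCs the pod's service account is not granted.
    violations: (scc, field, reason) for SCCs that were evaluated and failed.
    """
    text = " ".join(message.split())  # undo line wrapping from logs or forum posts
    marker = "constraint: ["
    body = text[text.index(marker) + len(marker): text.rindex("]")]
    unusable, violations = [], []
    for entry in re.split(r",\s*provider\s+", body):
        name, detail = entry.removeprefix("provider ").split(": ", 1)
        name = name.strip('"“”')  # accept straight or typographic quotes
        if "not usable by user or serviceaccount" in detail:
            unusable.append(name)
        else:
            field, _, reason = detail.partition(": Invalid value: ")
            violations.append((name, field, reason))
    return unusable, violations


def allowed_uid_range(violations):
    """Return the (low, high) UID range reported for runAsUser, or None."""
    for _scc, field, reason in violations:
        m = re.search(r"must be in the ranges: \[(\d+), (\d+)\]", reason)
        if field.endswith("runAsUser") and m:
            return int(m.group(1)), int(m.group(2))
    return None


if __name__ == "__main__":
    unusable, violations = parse_scc_denial(SAMPLE)
    print("not granted:", ", ".join(unusable))
    for scc, field, reason in violations:
        print(f"{scc}: {field} -> {reason}")
    print("allowed UID range:", allowed_uid_range(violations))
```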

Hi @gomic4, welcome to the forums! I think GotnOGuts has it right … this part of our documentation might be helpful.

Hi
The patch did fix the issue but I am not able to override any values in values.yml
Example: Image repository, CPU, Memory

Configuration is below

elasticsearch:
  ## @param elasticsearch.enabled
  enabled: true
  image:
    registry: ""
    repository: docker.elastic.co/elasticsearch/elasticsearch
    tag: 8.8.2

Same thing when I try to update the yml in the OpenShift console it works
Also I was able to configure the registry by appending elasticsearch.image.repository=docker.elastic.co/elasticsearch/elasticsearch in the helm command

Apologies @gomic4, I’m not sure what issue you are having with overriding the values. Can you share a bit more? The configuration snippet you provided doesn’t override any of the CPU or memory values?