Open
Description
If the frontend container sets a securityContext, the frontend cannot start:
│ /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
│ /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
│ /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
│ 10-listen-on-ipv6-by-default.sh: info: can not modify /etc/nginx/conf.d/default.conf (read-only file system?)
│ /docker-entrypoint.sh: Sourcing /docker-entrypoint.d/15-local-resolvers.envsh
│ /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
│ /docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
│ /docker-entrypoint.sh: Configuration complete; ready for start up
│ 2025/08/13 08:09:23 [emerg] 1#1: bind() to 0.0.0.0:80 failed (13: Permission denied)
│ nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
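To get it running I had to delete the frontend container's securityContext, so that nginx runs with the image's default user and capabilities and can bind port 80.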
The frontend container's port is 80, not 8080, so the frontend container's port and the Service port should be changed to 80.
# volcano dashboard deployment
# Nesting is restored here; the pasted manifest had lost its indentation.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: volcano-dashboard
  name: volcano-dashboard
  namespace: volcano-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: volcano-dashboard
  template:
    metadata:
      labels:
        app: volcano-dashboard
    spec:
      # Pod-level security settings; they apply to both containers below.
      securityContext:
        seLinuxOptions:
          # NOTE(review): fixed MCS level; confirm it is intended for the
          # target cluster and not carried over from an example.
          level: s0:c123,c456
        seccompProfile:
          type: RuntimeDefault
      # Both containers run under this account and receive its RBAC grants.
      serviceAccountName: volcano-dashboard
      containers:
        # NOTE(review): mutable `latest` tag plus imagePullPolicy Always means
        # a pod restart can pull different image content; pin a version or
        # digest so what runs is reviewable.
        - image: volcanosh/vc-dashboard-frontend:latest
          imagePullPolicy: Always
          name: frontend
          ports:
            # Declared as 8080, but the nginx log in this report shows the
            # process binding 0.0.0.0:80, so nothing listens on this port.
            - containerPort: 8080
              name: frontend
              protocol: TCP
          # UID 1000 with every capability dropped (NET_BIND_SERVICE included)
          # cannot bind a port below 1024 by default, which matches the
          # "bind() to 0.0.0.0:80 failed (13: Permission denied)" log line.
          # Deleting this block makes the error go away only by giving up the
          # hardening; the alternative is an image whose nginx listens on the
          # unprivileged port declared above.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            runAsNonRoot: true
            runAsUser: 1000
          # Writable emptyDir mounts, presumably so nginx can write its cache
          # and pid file as a non-root user (confirm against the image).
          volumeMounts:
            - mountPath: /var/cache/nginx
              name: nginx-cache
            - mountPath: /run
              name: nginx-run
        # NOTE(review): same mutable-tag concern as the frontend image.
        - image: volcanosh/vc-dashboard-backend:latest
          imagePullPolicy: Always
          name: backend
          ports:
            # 3001 is above 1024, so the non-root restriction does not affect it.
            - containerPort: 3001
              name: backend
              protocol: TCP
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            runAsNonRoot: true
            runAsUser: 1000
      volumes:
        - name: nginx-cache
          emptyDir: {}
        - name: nginx-run
          emptyDir: {}
---
# volcano dashboard serviceAccount
# Identity the dashboard pod runs as; its permissions come from the
# ClusterRoleBinding that names this account as subject.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: volcano-dashboard
  namespace: volcano-system
---
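# volcano dashboard cluster role binding
# Grants the volcano-dashboard ClusterRole to the dashboard ServiceAccount.
# A ClusterRoleBinding is cluster-scoped, so the grant applies in every
# namespace. metadata.namespace is omitted because it has no effect on a
# cluster-scoped object and wrongly suggests the grant is namespace-limited.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: volcano-dashboard-role
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: volcano-dashboard
subjects:
  # The subject's namespace is required: it identifies which ServiceAccount.
  - kind: ServiceAccount
    name: volcano-dashboard
    namespace: volcano-system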
---
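# volcano dashboard cluster role
# Permissions held by the dashboard's ServiceAccount. A ClusterRole is
# cluster-scoped, so metadata.namespace is omitted (it has no effect there).
# When bound with a ClusterRoleBinding, every rule below applies in all
# namespaces, so anyone who can drive the dashboard backend acts with these
# rights cluster-wide.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: volcano-dashboard
rules:
  # Volcano jobs: read, plus create and delete.
  - apiGroups:
      - batch.volcano.sh
    resources:
      - jobs
    verbs:
      - get
      - list
      - watch
      - create
      - delete
  # Core pods: read-only.
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - get
      - list
      - watch
  # Core namespaces: read-only.
  - apiGroups:
      - ""
    resources:
      - namespaces
    verbs:
      - get
      - list
      - watch
  # Volcano queues (both API groups): full read/write.
  - apiGroups:
      - scheduling.incubator.k8s.io
      - scheduling.volcano.sh
    resources:
      - queues
    verbs:
      - get
      - list
      - watch
      - delete
      - create
      - update
      - patch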
---
# volcano dashboard service
# Exposes both dashboard containers inside the cluster.
apiVersion: v1
kind: Service
metadata:
  name: volcano-dashboard
  namespace: volcano-system
spec:
  ports:
    - name: backend
      port: 3001
      protocol: TCP
      targetPort: 3001
    - name: frontend
      port: 80
      protocol: TCP
      # targetPort must match the port nginx actually listens on. The log in
      # this report shows nginx binding port 80, so traffic forwarded to 8080
      # finds no listener until the image listens on 8080.
      targetPort: 8080
  selector:
    app: volcano-dashboard
crezov