Fix PMM-14125: Add SCC permissions for PMM deployment on OpenShift

nogueiraanderson · nogueiraanderson · commit 5b2152875914 · 2025-08-25T21:07:13.000+02:00
- Grant anyuid Security Context Constraint to default service account
- PMM requires UID 1000 which is outside OpenShift's default range
- This fixes the 'unable to validate against any security context constraint' error
- Added detailed comments explaining why this is necessary

Without this, PMM pods fail to schedule due to OpenShift's strict security policies
diff --git a/pmm/v3/pmm3-openshift-helm-tests.groovy b/pmm/v3/pmm3-openshift-helm-tests.groovy
@@ -380,6 +380,13 @@ pipeline {
                             # Create namespace if it doesn't exist
                             oc create namespace ${params.NAMESPACE} --dry-run=client -o yaml | oc apply -f -
                             
+                            # Grant necessary Security Context Constraints for PMM to run
+                            # PMM requires specific UIDs (1000) which are outside OpenShift's default range
+                            # The anyuid SCC allows the container to run with its required user ID
+                            echo "Granting Security Context Constraints..."
+                            oc adm policy add-scc-to-user anyuid -z default -n ${params.NAMESPACE} || true
+                            echo "✓ SCC permissions granted"
+                            
                             # Add Percona Helm repository
                             helm repo add percona https://percona.github.io/percona-helm-charts/
                             helm repo update
