[camel-k] 04/04: doc: Init troubleshooting guide

Mon, 20 Jul 2020 07:46:01 -0700 

This is an automated email from the ASF dual-hosted git repository.

astefanutti pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel-k.git

commit de55ecb8b4d7e625f54a2f036585c63a5f7f244f
Author: Antonin Stefanutti <anto...@stefanutti.fr>
AuthorDate: Mon Jul 20 15:37:50 2020 +0200

    doc: Init troubleshooting guide
---
 docs/modules/ROOT/nav-end.adoc               |  1 +
 docs/modules/ROOT/pages/troubleshooting.adoc | 32 ++++++++++++++++++++++++++++
 2 files changed, 33 insertions(+)

diff --git a/docs/modules/ROOT/nav-end.adoc b/docs/modules/ROOT/nav-end.adoc
index e39e00d..1e8f12e 100644
--- a/docs/modules/ROOT/nav-end.adoc
+++ b/docs/modules/ROOT/nav-end.adoc
@@ -1,2 +1,3 @@
+* xref:troubleshooting.adoc[Troubleshooting]
 * xref:uninstalling.adoc[Uninstalling]
 * xref:developers.adoc[Contributing]
diff --git a/docs/modules/ROOT/pages/troubleshooting.adoc 
b/docs/modules/ROOT/pages/troubleshooting.adoc
new file mode 100644
index 0000000..c360cfb
--- /dev/null
+++ b/docs/modules/ROOT/pages/troubleshooting.adoc
@@ -0,0 +1,32 @@
+[[troubleshooting]]
+= Troubleshooting
+
+== `Error during unshare(CLONE_NEWUSER): Invalid argument`
+
+Buildah is best used with the OCI container runtime.
+When used with the Docker container runtime, it may not have the permissions 
to perform some required system calls.
+
+From 
https://github.com/containers/buildah/issues/1901[containers/buildah#1901], it 
seems a system call, that's forbidden by default with the Docker container 
runtime, is still necessary when the user doesn't have the `CAP_SYS_ADMIN` 
capability.
+
+The only option is to change the Docker container runtime to use a different 
_seccomp_ profile, e.g.:
+
+[source,sh]
+----
+$ docker run --security-opt seccomp=/usr/share/containers/seccomp.json
+----
+
+However, that requires being able to configure your cluster container runtime.
+
+A work-around is to use another builder strategy, like Kaniko or Spectrum, 
e.g. when installing Camel K:
+
+[source,sh]
+----
+$ kamel install --build-publish-strategy=kaniko
+----
+
+Or by patching your `IntegrationPlatform` resource directly if you have Camel 
K already installed, e.g.:
+
+[source,sh]
+----
+$ kubectl patch ip camel-k --type='merge' -p 
'{"spec":{"build":{"publishStrategy":"kaniko"}}}'
+----

Reply via email to