Known Issues

Error during unshare(CLONE_NEWUSER): Invalid argument

Buildah is best used with the OCI container runtime. When used with the Docker container runtime, it may not have the permissions to perform some required system calls.

From containers/buildah#1901, it seems a system call, that’s forbidden by default with the Docker container runtime, is still necessary when the user doesn’t have the CAP_SYS_ADMIN capability.

The only option is to change the Docker container runtime to use a different seccomp profile, e.g.:

$ docker run --security-opt seccomp=/usr/share/containers/seccomp.json

However, that requires being able to configure your cluster container runtime.

A work-around is to use another builder strategy, like Kaniko or Spectrum, e.g., when installing Camel K:

$ kamel install --build-publish-strategy=kaniko

Or by patching your IntegrationPlatform resource directly if you have Camel K already installed, e.g.:

$ kubectl patch ip camel-k --type='merge' -p '{"spec":{"build":{"publishStrategy":"kaniko"}}}'

[Openshift] Repeated install/uninstall and removal of CamelCatalog leads to re-creation of builder image

Openshift’s internal container image registry operates on image streams instead of directly on images. As a side effect in a non production usage it can lead to an increase of the container image storage. This is because the uninstall command will remove the CamelCatalog but can’t remove the actual container image.

In case you don’t need any change in the CamelCatalog, the solutions is to use the following flag when uninstalling if you plan to install again after:

kamel uninstall --skip-camel-catalogs