Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Promtail] Chart does not grant initContainer capabilities #2630

Closed
mcavoyk opened this issue Sep 16, 2020 · 0 comments · Fixed by #2659
Closed

[Promtail] Chart does not grant initContainer capabilities #2630

mcavoyk opened this issue Sep 16, 2020 · 0 comments · Fixed by #2659
Labels
component/agent component/integrations component/packaging good first issue These are great first issues. If you are looking for a place to start, start here! help wanted We would love help on these issues. Please come help us!

Comments

@mcavoyk
Copy link

mcavoyk commented Sep 16, 2020

Describe the bug
The PodSecurityPolicy included in the Promtail Helm chart does not grant the capabilities needed for running the privileged initContainer when the setting is enabled.

To Reproduce
Steps to reproduce the behavior:

  1. Have a cluster with a baseline PodSecurityPolicy which prevents privileged pods.
  2. Install promtail chart with initContainer enabled and PSP enabled. The daemonset is unable to create pods.

Expected behavior
Helm chart should have settings to grant the cabilities the chart requires to run.

Environment:

  • Infrastructure: Kubernetes v1.16
  • Deployment tool: Helm - Promtail chart v0.24.0

Screenshots, Promtail config, or terminal output

Warning  FailedCreate      18s (x11 over 23s)  daemonset-controller  Error creating: pods "promtail-" is forbidden: unable to validate against any pod security policy: [spec.initContainers[0].securityContext.privileged: Invalid value: true: Privileged containers are not allowed]
@cyriltovena cyriltovena added component/agent component/integrations component/packaging good first issue These are great first issues. If you are looking for a place to start, start here! help wanted We would love help on these issues. Please come help us! labels Sep 17, 2020
@rskrishnar rskrishnar mentioned this issue Sep 23, 2020
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
component/agent component/integrations component/packaging good first issue These are great first issues. If you are looking for a place to start, start here! help wanted We would love help on these issues. Please come help us!
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[Promtail] enables configuring psp in helm chart rskrishnar/loki
2 participants
@cyriltovena @mcavoyk