daemonset splunk-kubernetes-logging not started on openshift
What happened:
When deploying SCK v1.4.3 using helm the daemonset for logging is not starting due to privileged container security settings.
What you expected to happen:
The daemonset needs to be started to collect container log files.
How to reproduce it (as minimally and precisely as possible):
start openshift playground: https://learn.openshift.com/playgrounds/openshift44/
oc create ns splunk-logging
oc config set-context --current --namespace=splunk-logging
helm install -f config.yml my-splunk-connect https://github.com/splunk/splunk-connect-for-kubernetes/releases/download/1.4.3/splunk-connect-for-kubernetes-1.4.3.tgz --namespace=splunk-logging
oc describe daemonset/my-splunk-connect-splunk-kubernetes-logging --namespace=splunk-logging
Error events:
Warning FailedCreate 27s (x14 over 68s) daemonset-controller Error creating: pods "my-splunk-connect-splunk-kubernetes-logging-" is forbidden: unable to validate against any security context constraint: [spec.volumes[0]: Invalid value: "hostPath": hostPath volumes are not allowed to be used spec.volumes[1]: Invalid value: "hostPath": hostPath volumes are not allowed to be used spec.volumes[2]: Invalid value: "hostPath": hostPath volumes are not allowed to be used spec.containers[0].securityContext.securityContext.runAsUser: Invalid value: 0: must be in the ranges: [1000160000, 1000169999] spec.containers[0].securityContext.privileged: Invalid value: true: Privileged containers are not allowed]
Anything else we need to know?:
To get this to work you need to create a SecurityContextConstraints for the SA user. Example: https://github.com/schose/splunk-connect-for-kubernetes/blob/openshift/helm-chart/splunk-connect-for-kubernetes/charts/splunk-kubernetes-logging/templates/ssc.yaml
Unfortunately this breaks “helm install” functionality. “helm template” + “oc apply” is working…
Environment:
- Kubernetes version (use kubectl version):
$ oc version
Client Version: 4.4.0-202005290638-1960dd7
Server Version: 4.4.8
Kubernetes Version: v1.17.1+3f6f40d
- Ruby version (use ruby --version):
- OS (e.g: cat /etc/os-release):
- Splunk version:
- Others:
Issue Analytics
- Created 3 years ago
- Comments: 12 (3 by maintainers)
This got it working for me.
This issue was closed because it has been inactive for 14 days since being marked as stale.
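Each denial in the FailedCreate event above (hostPath volumes, runAsUser 0, privileged: true) corresponds to one SecurityContextConstraints field. The manifest below is an added example, not the content of the linked ssc.yaml or of the chart: it grants only those three permissions and binds them to a single service account. The SCC name, the service account placeholder, and the configMap/secret volume entries are assumptions.

```yaml
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
  name: splunk-logging-scc            # hypothetical name
# Denial: "Privileged containers are not allowed"
allowPrivilegedContainer: true
# Denial: "hostPath volumes are not allowed to be used"
allowHostDirVolumePlugin: true
# Not named in the error, so kept closed
allowHostNetwork: false
allowHostPorts: false
allowHostPID: false
allowHostIPC: false
readOnlyRootFilesystem: false
# Denial: "runAsUser: Invalid value: 0: must be in the ranges: [...]"
runAsUser:
  type: RunAsAny
seLinuxContext:
  type: RunAsAny
fsGroup:
  type: RunAsAny
supplementalGroups:
  type: RunAsAny
volumes:
- hostPath                            # spec.volumes[0..2] in the error
- configMap                           # assumption: other volume types the pod mounts
- secret                              # assumption: service account token and similar
# Bind to the logging daemonset's service account only, not to a group.
# Replace the placeholder with the service account the chart creates.
users:
- system:serviceaccount:splunk-logging:<logging-service-account>
```

Scoping the SCC through `users` to one service account keeps the privileged and hostPath grants away from every other workload in the namespace.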