The container manager for a pod controller-manager is causing failures on tests test_kubernetes_configuration_helm_operator and test_kubernetes_configuration_flux_operator.
Version-Release number of selected component (if applicable):
Run the k8s conformance test script: bash -x k8s-conformance-test-suite.sh
Check the logs of config-agent-XXX pod, container config-agent. It should be returning error waiting CRD[1]
{"Message":"2022/02/21 19:26:00 Started Polling for local CRD Changes that needs to be reported to Azure",
..
{"Message":"error: Unable to get the status from the local CRD with the error : {Error : Retry for given duration didn't get any results with err {status not populated}}","LogType":"ConfigAgentTrace","LogLevel":"Error","Environment":"prod","Role":"ClusterConfigAgent","
When looking at the controller logs, we can see missing permissions to run fluxctl binary:
{"Message":"2022/02/21 19:34:38 open /data/fluxctl: permission denied"
When adding the securityContext.privileged: true to the container manager of pod controller-manager-xyz it will work as expected
Description of problem:
The container
manager
for a podcontroller-manager
is causing failures on teststest_kubernetes_configuration_helm_operator
andtest_kubernetes_configuration_flux_operator
.Version-Release number of selected component (if applicable):
How reproducible:
Always
Steps to Reproduce:
bash -x k8s-conformance-test-suite.sh
config-agent-XXX
pod, containerconfig-agent
. It should be returning error waiting CRD[1]securityContext.privileged: true
to the containermanager
of podcontroller-manager-xyz
it will work as expectedActual results:
Expected results:
Desired:
Additional info: