DataDog / datadog-agent

Main repository for Datadog Agent
https://docs.datadoghq.com/
Apache License 2.0

Failure to create Daemonset Pod (MiniShift) #5546

Open SherazShahid17 opened 4 years ago

SherazShahid17 commented 4 years ago

After following all the instructions for installing the Kubernetes Datadog-agent, it reaches the following error when executed (separated for ease):

Warning FailedCreate 13h (x78 over 19h) daemonset-controller Error creating: pods "datadog-agent-" is forbidden: unable to validate against any security context constraint:

[spec.volumes[1]: Invalid value: "hostPath": hostPath volumes are not allowed to be used
spec.volumes[2]: Invalid value: "hostPath": hostPath volumes are not allowed to be used
spec.volumes[3]: Invalid value: "hostPath": hostPath volumes are not allowed to be used
spec.volumes[7]: Invalid value: "hostPath": hostPath volumes are not allowed to be used
spec.volumes[8]: Invalid value: "hostPath": hostPath volumes are not allowed to be used
spec.volumes[10]: Invalid value: "hostPath": hostPath volumes are not allowed to be used
spec.volumes[11]: Invalid value: "hostPath": hostPath volumes are not allowed to be used
spec.volumes[12]: Invalid value: "hostPath": hostPath volumes are not allowed to be used
spec.volumes[13]: Invalid value: "hostPath": hostPath volumes are not allowed to be used

spec.initContainers[0].securityContext.containers[1].hostPort: Invalid value: 8126: Host ports are not allowed to be used
spec.initContainers[1].securityContext.containers[1].hostPort: Invalid value: 8126: Host ports are not allowed to be used
spec.initContainers[2].securityContext.containers[1].hostPort: Invalid value: 8126: Host ports are not allowed to be used
spec.containers[0].securityContext.containers[1].hostPort: Invalid value: 8126: Host ports are not allowed to be used
spec.containers[1].securityContext.containers[1].hostPort: Invalid value: 8126: Host ports are not allowed to be used
spec.containers[2].securityContext.containers[1].hostPort: Invalid value: 8126: Host ports are not allowed to be used

pod.metadata.annotations.container.seccomp.security.alpha.kubernetes.io/system-probe: Forbidden: seccomp may not be set

capabilities.add: Invalid value: "IPC_LOCK": capability may not be added
capabilities.add: Invalid value: "NET_ADMIN": capability may not be added
capabilities.add: Invalid value: "SYS_ADMIN": capability may not be added
capabilities.add: Invalid value: "SYS_PTRACE": capability may not be added
capabilities.add: Invalid value: "SYS_RESOURCE": capability may not be added

spec.containers[3].securityContext.containers[1].hostPort: Invalid value: 8126: Host ports are not allowed to be used

Attached screenshot:

[Image: Screenshot 2020-05-17 at 19 32 55]

Simwar commented 4 years ago

Hey @SherazShahid17

This issue seems related to OpenShift security rules. You can find how to enable these options in your SCC in our OpenShift doc: https://docs.datadoghq.com/integrations/openshift/#restricted-scc-operations

If this does not yield any results, you can open a support ticket by emailing: support@datadoghq.com to troubleshoot this further with our support team.

Thanks,

Simon
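
The rejection quoted in the issue can be read mechanically. The following is an added example, not part of the thread or of Datadog's code: it maps each error class in the message to the SCC field that governs it and lists what a candidate SCC still fails to grant, so that only the needed permissions are enabled. The function names, the sample message (shortened from the one in the issue) and the candidate SCC are constructed for illustration; the field names are those of the OpenShift SecurityContextConstraints API.

```python
import re

# Constructed sample: a shortened copy of the FailedCreate message quoted in the issue.
SAMPLE_EVENT = (
    'pods "datadog-agent-" is forbidden: unable to validate against any security context constraint: '
    '[spec.volumes[1]: Invalid value: "hostPath": hostPath volumes are not allowed to be used '
    'spec.containers[0].securityContext.containers[1].hostPort: Invalid value: 8126: Host ports are not allowed to be used '
    'pod.metadata.annotations.container.seccomp.security.alpha.kubernetes.io/system-probe: Forbidden: seccomp may not be set '
    'capabilities.add: Invalid value: "NET_ADMIN": capability may not be added '
    'capabilities.add: Invalid value: "SYS_ADMIN": capability may not be added'
)

def scc_requirements(message):
    """Return the SCC settings a rejected pod spec asks for, keyed by SCC field name."""
    need = {}
    if "hostPath volumes are not allowed to be used" in message:
        need["allowHostDirVolumePlugin"] = True
    if re.search(r"hostPort: Invalid value: \d+: Host ports are not allowed", message):
        need["allowHostPorts"] = True
    caps = re.findall(
        r'capabilities\.add: Invalid value: "(\w+)": capability may not be added', message)
    if caps:
        need["allowedCapabilities"] = sorted(set(caps))
    if "Forbidden: seccomp may not be set" in message:
        # The message does not name the profile, so only record that one is needed.
        need["seccompProfiles"] = True
    return need

def scc_gaps(scc, need):
    """List requirements that a candidate SCC (parsed YAML as a dict) does not grant."""
    gaps = [f for f in ("allowHostDirVolumePlugin", "allowHostPorts") if need.get(f) and not scc.get(f)]
    allowed = set(scc.get("allowedCapabilities") or [])
    if "*" not in allowed:
        gaps += [f"allowedCapabilities:{c}" for c in need.get("allowedCapabilities", []) if c not in allowed]
    if need.get("seccompProfiles") and not scc.get("seccompProfiles"):
        gaps.append("seccompProfiles")
    return gaps

# Constructed candidate SCC (hypothetical): host paths and ports enabled, one capability listed.
CANDIDATE_SCC = {"allowHostDirVolumePlugin": True, "allowHostPorts": True, "allowedCapabilities": ["NET_ADMIN"]}

if __name__ == "__main__":
    required = scc_requirements(SAMPLE_EVENT)
    print(required)
    print(scc_gaps(CANDIDATE_SCC, required))
```

An empty result from `scc_gaps` means the candidate SCC covers every error class in the message; each remaining entry is a specific permission to review before granting it to the agent's service account.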