Closed matt-matt-tmatt closed 1 month ago
Describe what happened:
When the Datadog admission controller is enabled, pods are created with a hostPath volume, which violates the Kubernetes baseline PodSecurityStandard.
All is back to normal when the admission controller is disabled.
❯ kubectl get events --sort-by='.lastTimestamp'
...
40m Warning FailedCreate replicaset/redacted Error creating: pods "redacted" is forbidden: violates PodSecurity "baseline:latest": hostPath volumes (volume "datadog")
...
Additional environment details (Operating System, Cloud provider, etc):
Server Version: v1.28.11-eks-db838b0
❯ k get po datadog-95n7g -o jsonpath={..image}
eu.gcr.io/datadoghq/agent:7.55.2 eu.gcr.io/datadoghq/agent:7.55.2 eu.gcr.io/datadoghq/agent:7.55.2 eu.gcr.io/datadoghq/agent:7.55.2 eu.gcr.io/datadoghq/agent:7.55.2 eu.gcr.io/datadoghq/agent:7.55.2 eu.gcr.io/datadoghq/agent:7.55.2 eu.gcr.io/datadoghq/agent:7.55.2 eu.gcr.io/datadoghq/agent:7.55.2 eu.gcr.io/datadoghq/agent:7.55.2 eu.gcr.io/datadoghq/agent:7.55.2 eu.gcr.io/datadoghq/agent:7.55.2 eu.gcr.io/datadoghq/agent:7.55.2 eu.gcr.io/datadoghq/agent:7.55.2 eu.gcr.io/datadoghq/agent:7.55.2 eu.gcr.io/datadoghq/agent:7.55.2%
❯ helm list
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
datadog datadog 10 2024-08-06 16:30:53.922109 +0300 EEST deployed datadog-3.69.3 7
Moved this to the agent repository https://github.com/DataDog/datadog-agent/issues/28274
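To find which workloads would hit the rejection reported above before the ReplicaSet fails, the same hostPath condition can be checked offline against a manifest. This is an added example, not code from the issue or from Datadog; the sample pod, its container name and its paths are constructed placeholders, and the summary string is modeled on the event text quoted in the report.

```python
# Constructed sample: a Pod as it might look after a mutating webhook added a
# hostPath volume named "datadog" (name taken from the event above; container
# name, image and paths are placeholders, not values from the issue).
MUTATED_POD = {
    "kind": "Pod",
    "metadata": {"name": "redacted"},
    "spec": {
        "containers": [{
            "name": "app", "image": "example/app:1.0",
            "volumeMounts": [{"name": "datadog", "mountPath": "/placeholder/mount"}],
        }],
        "volumes": [
            {"name": "datadog", "hostPath": {"path": "/placeholder/host/path"}},
            {"name": "tmp", "emptyDir": {}},
        ],
    },
}

def pod_spec(obj):
    """Return the PodSpec of a Pod, a workload with spec.template, or a CronJob."""
    spec = obj.get("spec", {})
    if obj.get("kind") == "CronJob":
        spec = spec.get("jobTemplate", {}).get("spec", {})
    if "template" in spec:
        spec = spec["template"].get("spec", {})
    return spec

def hostpath_findings(obj):
    """Map each hostPath volume name to the containers that mount it."""
    spec = pod_spec(obj)
    names = [v["name"] for v in spec.get("volumes") or [] if v.get("hostPath") is not None]
    containers = []
    for key in ("initContainers", "containers", "ephemeralContainers"):
        containers += spec.get(key) or []
    return {n: [c["name"] for c in containers
                if any(m.get("name") == n for m in c.get("volumeMounts") or [])]
            for n in names}

def baseline_message(obj):
    """Summary modeled on the event text quoted above; None when no hostPath is used."""
    names = sorted(hostpath_findings(obj))
    if not names:
        return None
    label = "volume" if len(names) == 1 else "volumes"
    return "hostPath volumes (%s %s)" % (label, ", ".join('"%s"' % n for n in names))

if __name__ == "__main__":
    print(baseline_message(MUTATED_POD), hostpath_findings(MUTATED_POD))
```

The input is the JSON a `kubectl get ... -o json` call returns for a single object, loaded with `json.load`; running it on the live pod rather than the source manifest is what exposes volumes added at admission time.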