search

adorsys / ops-adorsys-kubernetes-platform

Infrastructure Setup of adorsys Test/Poc projects
Apache License 2.0
2 stars 2 forks source link

Upgrade of the argoCD Helm Chart failes with regard to PSPs #29

Closed nce closed 1 year ago

nce commented 1 year ago 
 Error: an error occurred while rolling back the release. original upgrade error: Get "https://xm6ff2rfvq.adorsys.kaas.cloudpunks.io:32484/api/v1/namespaces/ops-argocd/services/argocd-redis": context deadline exceeded: release argocd failed: Get "https://xm6ff2rfvq.adorsys.kaas.cloudpunks.io:32484/apis/apps/v1/namespaces/ops-argocd/deployments/argocd-applicationset-controller": context deadline exceeded
│ 
│   with module.argocd.helm_release.argocd,
│   on ../bootstrap/modules/argocd/main.tf line 1, in resource "helm_release" "argocd":
│    1: resource "helm_release" "argocd" {

Introduced by this commit: https://github.com/adorsys/ops-k8s-bootstrap/commit/f683a3819590c03fc617c2b4a5ef5f4f063fb9e7

Warning  FailedCreate  32s (x30 over 25m)  replicaset-controller  Error creating: pods "argocd-server-568d67454d-" is  forbidden: PodSecurityPolicy: unable to admit pod: [pod.metadata.annotations[container.seccomp.security.alpha.kubernetes.io/server]: Forbidden: seccomp may not be set]

Guess we need to update the psp with allowed seccomp profiles

florianbeu commented 1 year ago 
seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'runtime/default'
seccomp.security.alpha.kubernetes.io/defaultProfileName:  'runtime/default'

added to PSP that the container can use the Profile

nce commented 1 year ago

fixed https://github.com/adorsys/ops-k8s-bootstrap/commit/6f0b279303990886aedd0ce204eee949eae6343a