alibaba / higress

🤖 AI Gateway | AI Native API Gateway
https://higress.io
Apache License 2.0
2.9k stars 478 forks

Helm install `higress-console-prometheus` need support change securityContext through helm values #727

Closed carrypann closed 7 months ago

carrypann commented 9 months ago

If you are reporting any crash or any potential security issue, do not open an issue in this repo. Please report the issue via ASRC(Alibaba Security Response Center) where the issue will be triaged appropriately.

Ⅰ. Issue Description

Helm install higress-console-prometheus failed

Ⅱ. Describe what happened

Install higress on k8s using helm with parameter higress-console.o11y.enabled=true, but higress-console-prometheus install failed because of permission denied.

If there is an exception, please attach the exception trace:

```
2023-12-22T00:14:01.208784181+08:00 ts=2023-12-21T16:14:01.208Z caller=main.go:501 level=warn deprecation_notice="'storage.tsdb.retention' flag is deprecated use 'storage.tsdb.retention.time' instead."
2023-12-22T00:14:01.208884508+08:00 ts=2023-12-21T16:14:01.208Z caller=main.go:556 level=info msg="Starting Prometheus Server" mode=server version="(version=2.40.7, branch=HEAD, revision=ab239ac5d43f6c1068f0d05283a0544576aaecf8)"
2023-12-22T00:14:01.208893737+08:00 ts=2023-12-21T16:14:01.208Z caller=main.go:561 level=info build_context="(go=go1.19.4, user=root@afba4a8bd7cc, date=20221214-08:49:43)"
2023-12-22T00:14:01.208900337+08:00 ts=2023-12-21T16:14:01.208Z caller=main.go:562 level=info host_details="(Linux 5.4.0-139-generic #156-Ubuntu SMP Fri Jan 20 17:27:18 UTC 2023 x86_64 higress-console-prometheus-5ffcbfd595-78jkq (none))"
2023-12-22T00:14:01.208932466+08:00 ts=2023-12-21T16:14:01.208Z caller=main.go:563 level=info fd_limits="(soft=1048576, hard=1048576)"
2023-12-22T00:14:01.208944936+08:00 ts=2023-12-21T16:14:01.208Z caller=main.go:564 level=info vm_limits="(soft=unlimited, hard=unlimited)"
2023-12-22T00:14:01.209285135+08:00 ts=2023-12-21T16:14:01.209Z caller=query_logger.go:91 level=error component=activeQueryTracker msg="Error opening query log file" file=/prometheus/queries.active err="open /prometheus/queries.active: permission denied"
2023-12-22T00:14:01.211469983+08:00 panic: Unable to create mmap-ed active query log
2023-12-22T00:14:01.211481073+08:00
2023-12-22T00:14:01.211488143+08:00 goroutine 1 [running]:
2023-12-22T00:14:01.211494142+08:00 github.com/prometheus/prometheus/promql.NewActiveQueryTracker({0x7ffd368bf14d, 0xb}, 0x14, {0x3b9fa20, 0xc0007e96d0})
2023-12-22T00:14:01.211499692+08:00     /app/promql/query_logger.go:121 +0x3cd
2023-12-22T00:14:01.211505772+08:00 main.main()
2023-12-22T00:14:01.211510662+08:00     /app/cmd/prometheus/main.go:618 +0x6973
```

Ⅲ. Describe what you expected to happen

Ⅳ. How to reproduce it (as minimally and precisely as possible)

  1. xxx
  2. xxx
  3. xxx

Ⅴ. Anything else we need to know?

Ⅵ. Environment:

johnlanni commented 9 months ago

Are you installing on Alibaba Cloud or another cloud? The Higress console has some Helm parameters for PVC-related settings that you can refer to. Taking Alibaba Cloud ACK as an example:

  --set higress-console.o11y.enabled=true \
  --set higress-console.o11y.grafana.storage=50Gi \
  --set higress-console.o11y.grafana.pvc.storageClassName=alicloud-disk-essd \
  --set higress-console.o11y.prometheus.storage=100Gi \
  --set higress-console.o11y.prometheus.pvc.storageClassName=alicloud-disk-essd \
  --set higress-console.pvc.rwxSupported=false \

carrypann commented 9 months ago

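This is KubeSphere on a self-built cluster. Judging from the error, it is probably caused by missing directory permissions. The solution I found in the Prometheus community is to set the startup user via securityContext.runAsUser, but the higress-console Helm chart does not seem to expose the relevant configuration.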
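
The workaround described in the comment above, written as a Kubernetes pod `securityContext` patch. This is an added example, not part of the thread and not the higress-console chart's own values; the UID/GID 65534, the container name `prometheus`, the file name and the `<namespace>` placeholder are assumptions.

```yaml
# prometheus-securitycontext-patch.yaml (hypothetical file name)
# Strategic-merge patch for the Deployment behind the failing pod
# higress-console-prometheus-5ffcbfd595-78jkq. Apply with:
#   kubectl -n <namespace> patch deployment higress-console-prometheus \
#     --patch-file prometheus-securitycontext-patch.yaml
#
# Assumption: the image runs Prometheus as the upstream default user
# "nobody" (UID/GID 65534) and the data volume is mounted at /prometheus,
# the path shown in the "permission denied" log line.
spec:
  template:
    spec:
      securityContext:
        # Keep the process non-root. Setting runAsUser: 0 would also clear
        # the error, but it runs Prometheus as root inside the container.
        runAsNonRoot: true
        runAsUser: 65534
        runAsGroup: 65534
        # fsGroup makes the kubelet set group ownership of the mounted
        # volume to this GID, so /prometheus/queries.active becomes writable.
        # It is only applied by volume types that support ownership
        # management; hostPath and NFS volumes are left unchanged and need
        # the directory ownership fixed on the storage side instead.
        fsGroup: 65534
        # Skip the recursive ownership change when the volume root already
        # has the expected owner (faster restarts on large TSDB volumes).
        fsGroupChangePolicy: OnRootMismatch
      containers:
        - name: prometheus   # assumed container name; must match the Deployment
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
```

The patch lives outside the Helm release, so it is not reproduced on a fresh install, which is why the issue asks for the chart to expose these fields as values.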

johnlanni commented 9 months ago

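> This is KubeSphere on a self-built cluster. Judging from the error, it is probably caused by missing directory permissions. The solution I found in the Prometheus community is to set the startup user via securityContext.runAsUser, but the higress-console Helm chart does not seem to expose the relevant configuration.

OK, this can be supported. I have marked the issue as help wanted for now.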

OnlyPiglet commented 7 months ago

May I have a try at this?