bank-vaults / bank-vaults

A Vault swiss-army knife: A CLI tool to init, unseal and configure Vault (auth methods, secret engines).
https://bank-vaults.dev
Apache License 2.0

unable to set CAP_SETFCAP effective capability: Operation not permitted #1170

Closed gris-gris closed 4 years ago

gris-gris commented 4 years ago

Describe the bug: The default Vault creation process doesn't have the CAP_SETFCAP capability in the statefulset (https://github.com/banzaicloud/bank-vaults/blob/master/charts/vault/templates/statefulset.yaml#L125). This causes a CrashLoopBackOff.

Expected behaviour: A Vault CR with default parameters is created and started successfully.

Steps to reproduce the bug:

helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com
helm upgrade --install vault-operator banzaicloud-stable/vault-operator
kubectl apply -f operator/deploy/rbac.yaml
kubectl apply -f operator/deploy/cr.yaml

Environment details:

/kind bug

bonifaido commented 4 years ago

fix incoming in https://github.com/banzaicloud/bank-vaults/pull/1176

gris-gris commented 4 years ago

@bonifaido I also fixed this by adding CAP_SETFCAP in https://github.com/banzaicloud/bank-vaults/blob/master/operator/pkg/controller/vault/vault_controller.go#L1986 and rebuilt the operator myself.

bonifaido commented 4 years ago

But if you add the disable_mlock to the config you will get the same results for the operator.
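
A check for the condition reported in this issue, as an added example that is not part of the thread or of the bank-vaults code: it reads `/proc/<pid>/status`-style text and reports which of CAP_IPC_LOCK and CAP_SETFCAP are absent from a capability set. The function names and both status samples are constructed for illustration, and including CAP_IPC_LOCK assumes that memory locking (the subject of `disable_mlock`) is what the container needs it for.

```shell
#!/bin/sh
# Added example: list which capabilities discussed in this thread are missing
# from a process's capability set, given /proc/<pid>/status text.
# Bit numbers are taken from <linux/capability.h>.
CAP_IPC_LOCK=14
CAP_SETFCAP=31

# cap_in_mask HEXMASK BIT: succeeds when BIT is set in HEXMASK.
cap_in_mask() (
  mask=$((0x$1))
  [ $(( (mask >> $2) & 1 )) -eq 1 ]
)

# missing_caps STATUS_TEXT FIELD: print the capabilities above that are not
# present in FIELD (CapBnd, CapEff, CapPrm, ...). Exits 2 if FIELD is absent.
missing_caps() (
  hex=$(printf '%s\n' "$1" | awk -v f="$2:" '$1 == f { print $2 }')
  [ -n "$hex" ] || { echo "field $2 not found" >&2; exit 2; }
  out=""
  cap_in_mask "$hex" "$CAP_IPC_LOCK" || out="$out CAP_IPC_LOCK"
  cap_in_mask "$hex" "$CAP_SETFCAP"  || out="$out CAP_SETFCAP"
  echo "${out# }"
)

# Constructed sample: a container granted only CAP_IPC_LOCK (bit 14).
SAMPLE_RESTRICTED='Name:   vault
CapPrm: 0000000000004000
CapEff: 0000000000004000
CapBnd: 0000000000004000'

# Constructed sample: CAP_IPC_LOCK and CAP_SETFCAP (bits 14 and 31) granted.
SAMPLE_WITH_SETFCAP='Name:   vault
CapPrm: 0000000080004000
CapEff: 0000000080004000
CapBnd: 0000000080004000'

echo "restricted sample is missing:   $(missing_caps "$SAMPLE_RESTRICTED" CapBnd)"
echo "with-setfcap sample is missing: $(missing_caps "$SAMPLE_WITH_SETFCAP" CapBnd)"
```

Inside a running container, pass real data with `missing_caps "$(cat /proc/1/status)" CapBnd`; an empty result means both capabilities are in that set.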