cloud-bulldozer / metadata-collector

Containerization of the Stockpile project (https://github.com/cloud-bulldozer/stockpile)
Apache License 2.0

full-monte backpack collection fails because of privileged pods #8

Open bengland2 opened 4 years ago

bengland2 commented 4 years ago

I tried following your e-mail instructions, after doing

# oc apply -f backpack_role.yaml

which succeeded, I used this CR snippet:

spec:
  metadata: 
    collection: true
    targeted: false
    privileged: true
    serviceaccount: "backpack-view"
    label:
      - [ 'cluster.ocs.openshift.io/openshift-storage', '' ]

And it fails with the error:

# ocmr describe daemonset.apps/backpack-81808487
...
  Warning  FailedCreate  75s (x15 over 2m37s)  daemonset-controller  Error creating: pods "backpack-81808487-" is forbidden: unable to validate against any security context constraint: [spec.containers[0].securityContext.privileged: Invalid value: true: Privileged containers are not allowed]

You said to update the "privileged" scc, but I'm not sure what change to make there. Thanks -ben

jtaleric commented 3 years ago

I think the backpack work now applies the right SCC/RBAC to run privileged pods... @dry923 can confirm.
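
The kind of SCC/RBAC grant this thread refers to, as an added example that is not part of the original issue and not the backpack project's own manifest. It lets the `backpack-view` service account from the CR above use the built-in `privileged` SCC through RBAC; the role and binding names are hypothetical and `<benchmark-namespace>` is a placeholder for the namespace the daemonset runs in.

```yaml
# Added example (not from the backpack repository).
# Assumptions: role/binding names are hypothetical; <benchmark-namespace>
# is a placeholder for the namespace where the backpack daemonset is created.

# ClusterRole that permits "use" of exactly one SCC: the built-in "privileged".
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: backpack-use-privileged-scc
rules:
  - apiGroups: ["security.openshift.io"]
    resources: ["securitycontextconstraints"]
    resourceNames: ["privileged"]
    verbs: ["use"]
---
# Namespaced RoleBinding: only the backpack-view service account in this
# namespace gains the grant, so other workloads stay under their default SCC.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: backpack-use-privileged-scc
  namespace: <benchmark-namespace>
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: backpack-use-privileged-scc
subjects:
  - kind: ServiceAccount
    name: backpack-view          # serviceaccount value from the CR snippet
    namespace: <benchmark-namespace>
```

Binding through a namespaced RoleBinding keeps the grant scoped to that one service account and namespace, instead of editing the shared `privileged` SCC object itself.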