Closed paigerube14 closed 1 year ago
Need to add proper privileges to dittybopper namespace with 4.12 cluster version and future verisons
11-30 08:47:36.192 + ./deploy.sh 11-30 08:47:36.192 11-30 08:47:36.192 [32m 11-30 08:47:36.192 ____ _ __ __ __ 11-30 08:47:36.192 / __ \(_) /_/ /___ __/ /_ ____ ____ ____ ___ _____ 11-30 08:47:36.192 / / / / / __/ __/ / / / __ \/ __ \/ __ \/ __ \/ _ \/ ___/ 11-30 08:47:36.192 / /_/ / / /_/ /_/ /_/ / /_/ / /_/ / /_/ / /_/ / __/ / 11-30 08:47:36.192 /_____/_/\__/\__/\__, /_.___/\____/ .___/ .___/\___/_/ 11-30 08:47:36.192 /____/ /_/ /_/ 11-30 08:47:36.192 11-30 08:47:36.192 [0m 11-30 08:47:36.192 Using k8s command: oc 11-30 08:47:36.192 Using namespace: dittybopper 11-30 08:47:36.192 Using default grafana password: admin 11-30 08:47:36.192 11-30 08:47:36.192 [32mGetting environment vars...[0m 11-30 08:47:36.756 Command "get-token" is deprecated, and will be removed in the future version. Use oc create token instead. 11-30 08:47:36.756 error: could not find a service account token for service account "prometheus-k8s" 11-30 08:47:37.013 Command "new-token" is deprecated, and will be removed in the future version. Use oc create token instead. 11-30 08:47:37.270 Prometheus URL is: https://prometheus-k8s-openshift-monitoring.apps.scaleci12-301040.qe.azure.devcluster.openshift.com/ 11-30 08:47:37.270 Prometheus bearer token collected. 11-30 08:47:37.270 11-30 08:47:37.270 [32mCreating namespace...[0m 11-30 08:47:38.199 namespace/dittybopper created 11-30 08:47:38.199 11-30 08:47:38.199 [32mDeploying Grafana...[0m 11-30 08:47:40.805 service/dittybopper created 11-30 08:47:40.805 route.route.openshift.io/dittybopper created 11-30 08:47:40.805 Warning: would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (containers "dittybopper", "dittybopper-syncer" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (containers "dittybopper", "dittybopper-syncer" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or containers "dittybopper", "dittybopper-syncer" must set securityContext.runAsNonRoot=true), seccompProfile (pod or containers "dittybopper", "dittybopper-syncer" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost") 11-30 08:47:40.805 deployment.apps/dittybopper created 11-30 08:47:40.805 configmap/sc-ocp-prom created 11-30 08:47:40.805 configmap/sc-grafana-config created 11-30 08:47:40.805 11-30 08:47:40.805 [32mWaiting for dittybopper deployment to be available...[0m 11-30 08:47:53.001 deployment.apps/dittybopper condition met 11-30 08:47:53.001 11-30 08:47:53.260 You can access the Grafana instance at http://dittybopper-dittybopper.apps.***.qe.azure.devcluster.openshift.com/ 11-30 08:47:53.260 + popd 11-30 08:47:53.260 ~/ws/workspace/nch-pipeline_cluster-post-config
Fixed in https://github.com/cloud-bulldozer/performance-dashboards/pull/60
Need to add proper privileges to dittybopper namespace with 4.12 cluster version and future verisons