Privileges needed to create properly - Githubissues

cloud-bulldozer / performance-dashboards

Performance dashboards from the Perf & Scale team

Apache License 2.0

16 stars 36 forks source link

Privileges needed to create properly #59

Closed paigerube14 closed 1 year ago

paigerube14 commented 1 year ago

Need to add proper privileges to dittybopper namespace with 4.12 cluster version and future verisons

11-30 08:47:36.192  + ./deploy.sh
11-30 08:47:36.192  
11-30 08:47:36.192  [32m
11-30 08:47:36.192      ____  _ __  __        __
11-30 08:47:36.192     / __ \(_) /_/ /___  __/ /_  ____  ____  ____  ___  _____
11-30 08:47:36.192    / / / / / __/ __/ / / / __ \/ __ \/ __ \/ __ \/ _ \/ ___/
11-30 08:47:36.192   / /_/ / / /_/ /_/ /_/ / /_/ / /_/ / /_/ / /_/ /  __/ /
11-30 08:47:36.192  /_____/_/\__/\__/\__, /_.___/\____/ .___/ .___/\___/_/
11-30 08:47:36.192                  /____/           /_/   /_/
11-30 08:47:36.192  
11-30 08:47:36.192  [0m
11-30 08:47:36.192  Using k8s command: oc
11-30 08:47:36.192  Using namespace: dittybopper
11-30 08:47:36.192  Using default grafana password: admin
11-30 08:47:36.192  
11-30 08:47:36.192  [32mGetting environment vars...[0m
11-30 08:47:36.756  Command "get-token" is deprecated, and will be removed in the future version. Use oc create token instead.
11-30 08:47:36.756  error: could not find a service account token for service account "prometheus-k8s"
11-30 08:47:37.013  Command "new-token" is deprecated, and will be removed in the future version. Use oc create token instead.
11-30 08:47:37.270  Prometheus URL is: https://prometheus-k8s-openshift-monitoring.apps.scaleci12-301040.qe.azure.devcluster.openshift.com/
11-30 08:47:37.270  Prometheus bearer token collected.
11-30 08:47:37.270  
11-30 08:47:37.270  [32mCreating namespace...[0m
11-30 08:47:38.199  namespace/dittybopper created
11-30 08:47:38.199  
11-30 08:47:38.199  [32mDeploying Grafana...[0m
11-30 08:47:40.805  service/dittybopper created
11-30 08:47:40.805  route.route.openshift.io/dittybopper created
11-30 08:47:40.805  Warning: would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (containers "dittybopper", "dittybopper-syncer" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (containers "dittybopper", "dittybopper-syncer" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or containers "dittybopper", "dittybopper-syncer" must set securityContext.runAsNonRoot=true), seccompProfile (pod or containers "dittybopper", "dittybopper-syncer" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
11-30 08:47:40.805  deployment.apps/dittybopper created
11-30 08:47:40.805  configmap/sc-ocp-prom created
11-30 08:47:40.805  configmap/sc-grafana-config created
11-30 08:47:40.805  
11-30 08:47:40.805  [32mWaiting for dittybopper deployment to be available...[0m
11-30 08:47:53.001  deployment.apps/dittybopper condition met
11-30 08:47:53.001  
11-30 08:47:53.260  You can access the Grafana instance at http://dittybopper-dittybopper.apps.***.qe.azure.devcluster.openshift.com/
11-30 08:47:53.260  + popd
11-30 08:47:53.260  ~/ws/workspace/nch-pipeline_cluster-post-config

rsevilla87 commented 1 year ago

Fixed in https://github.com/cloud-bulldozer/performance-dashboards/pull/60