Some environments have admission webhook policies so that labels and resources must be provided to run workloads:
INFO[0000] no container specified, taking first container we found in pod.
INFO[0000] selected container: 'test-container'
INFO[0000] sniffing method: privileged pod
INFO[0000] sniffing on pod: 'test-pod' [namespace: 'default', container: 'test-container', filter: '', interface: 'any']
INFO[0000] creating privileged pod on node: 'main1'
ERRO[0000] failed to create privileged pod on node: 'main1' error="admission webhook \"validation.gatekeeper.sh\" denied the request: [policy-k8spodenforcelabels] you must provide labels: {\"app.kubernetes.io/instance\", \"app.kubernetes.io/managed-by\", \"app.kubernetes.io/name\"}"
Error: admission webhook "validation.gatekeeper.sh" denied the request: [policy-k8spodenforcelabels] you must provide labels: {"app.kubernetes.io/instance", "app.kubernetes.io/managed-by", "app.kubernetes.io/name"}
I'm currently following this approach in a personal fork (modifying kubernetes_api_service.go), though not sure if this is a feature that should be implemented for the general use of the tool.
Some environments have admission webhook policies so that labels and resources must be provided to run workloads:
I'm currently following this approach in a personal fork (modifying kubernetes_api_service.go), though not sure if this is a feature that should be implemented for the general use of the tool.
And also resources requests and limits like: