bug: Encountering Errors and Warnings During Helm install fluent-operator

[onap4105]

Describe the issue

• Encountering Errors and Warnings During Helm install fluent-operator

$ helm install fluent-operator -n fluentbit ./fluent-operator/
W0430 21:57:57.912852   19520 warnings.go:70] unknown field "spec.securityContext.capabilities"
W0430 21:57:57.912852   19520 warnings.go:70] unknown field "spec.securityContext.privileged"
W0430 21:57:57.912852   19520 warnings.go:70] unknown field "spec.securityContext.readOnlyRootFilesystem"
Error: INSTALLATION FAILED: failed to refresh resource information: fluentbits.fluentbit.fluent.io "fluent-bit" not found

$ helm list -n fluentbit
NAME            NAMESPACE       REVISION        UPDATED                                 STATUS          CHART                   APP VERSION
fluent-operator fluentbit       1               2024-04-30 21:57:43.0906769 -0400 EDT   failed          fluent-operator-2.8.0   2.8.0

• The deployment seems ok

$ kubectl get fluentbits.fluentbit.fluent.io -n fluentbit
NAME         AGE
fluent-bit   13h

$ kubectl get all -n fluentbit
NAME                                             READY   STATUS    RESTARTS   AGE
pod/fluent-bit-8sdnh                             1/1     Running   0          9h
pod/fluent-bit-9xgm2                             1/1     Running   0          9h
pod/fluent-bit-dtqw9                             1/1     Running   0          9h
pod/fluent-bit-fdm9f                             1/1     Running   0          9h
pod/fluent-bit-g54tw                             1/1     Running   0          9h
pod/fluent-bit-t7dw9                             1/1     Running   0          9h
pod/fluent-bit-vk27g                             1/1     Running   0          9h
pod/fluent-bit-wlhvz                             1/1     Running   0          9h
pod/fluent-bit-xx5g4                             1/1     Running   0          9h
pod/fluent-operator-5d466549cb-s8cn6             1/1     Running   0          9h

NAME                 TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
service/fluent-bit   ClusterIP   x.x.x.x          <none>        2020/TCP   9h

NAME                        DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
daemonset.apps/fluent-bit   9         9         9       9            9           <none>          9h

NAME                                        READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/fluent-operator             1/1     1            1           9h

NAME                                                   DESIRED   CURRENT   READY   AGE
replicaset.apps/fluent-operator-5d466549cb             1         1         1       9h

• I made these changes in values.yaml for supporting non root user

  # initContainers test run as non root user
  initContainers:
  - name: chowner-fb-storage
    image: registry.hub.docker.com/library/alpine:3.12.0
    command: ["chown", "3301:3301", "/fluent-bit"]
    securityContext:
      readOnlyRootFilesystem: true
      capabilities:
        drop: ["all"]
        add: ["CHOWN"]
      runAsUser: 0
      runAsNonRoot: false
    volumeMounts:
    - name: positions
      mountPath: /fluent-bit

• changes in fluentbit-fluentBit.yaml

  {{- if .Values.fluentbit.initContainers }}
  initContainers:
  {{ toYaml .Values.fluentbit.initContainers | indent 4 }}
  {{- end }}

To Reproduce

run "helm install fluent-operator -n fluentbit ./fluent-operator/" with above changes

Expected behavior

no warning and Error with "helm install fluent-operator -n fluentbit ./fluent-operator/"

Your Environment

- Fluent Operator version: v2.8.0
- Container Runtime: containerd://1.7.7-1
- Operating system: Ubuntu 22.04.4 LTS
- Kernel version: 5.15.0-1057-azure

How did you install fluent operator?

helm install fluent-operator -n fluentbit ./fluent-operator/

Additional context

No response

[SvenThies]

Hey @onap4105,

I followed your instruction and tried to reproduce the issue. For me, everything worked well: Adding this into values.yaml under fluentbit section:

fluentbit:
  # initContainers test run as non root user
  initContainers:
    - name: chowner-fb-storage
      image: registry.hub.docker.com/library/alpine:3.12.0
      command: ["chown", "3301:3301", "/fluent-bit"]
      securityContext:
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["all"]
          add: ["CHOWN"]
        runAsUser: 0
        runAsNonRoot: false
      volumeMounts:
      - name: positions
        mountPath: /fluent-bit

Adjusting the fluentbit-fluentBit.yaml like this:

{{- if .Values.fluentbit.initContainers }}
initContainers:
{{ toYaml .Values.fluentbit.initContainers | indent 4 }}
{{- end }}

Using the fluent-operator v2.8.0

Results of helm deployment:

NAME: fluent-operator
LAST DEPLOYED: Wed Jul  3 21:04:37 2024
NAMESPACE: fluent
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Thank you for installing  fluent-operator
Your release is named    fluent-operator

To learn more about the release ,try:
   $ helm status  fluent-operator  -n  fluent
   $ helm get  fluent-operator  -n fluent

fluent-bit pod:

> k get pods fluent-bit-8shbv -oyaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: "2024-07-03T19:04:48Z"
  generateName: fluent-bit-
  labels:
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: fluent-bit
    controller-revision-hash: 6f794545d
    pod-template-generation: "1"
  name: fluent-bit-8shbv
  namespace: fluent
  ownerReferences:
  - apiVersion: apps/v1
    blockOwnerDeletion: true
    controller: true
    kind: DaemonSet
    name: fluent-bit
    uid: 7bb083fe-45a6-46d1-9a05-51d440d81381
  resourceVersion: "87333"
  uid: 9db10dfa-c2a3-4ed6-9274-b6e0cd8053da
spec:
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchFields:
          - key: metadata.name
            operator: In
            values:
            - minikube
  containers:
  - env:
    - name: NODE_NAME
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: spec.nodeName
    - name: HOST_IP
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: status.hostIP
    image: kubesphere/fluent-bit:v2.2.2
    imagePullPolicy: IfNotPresent
    name: fluent-bit
    ports:
    - containerPort: 2020
      name: metrics
      protocol: TCP
    resources:
      limits:
        cpu: 500m
        memory: 200Mi
      requests:
        cpu: 10m
        memory: 25Mi
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /fluent-bit/config
      name: config
      readOnly: true
    - mountPath: /var/lib/docker/containers
      mountPropagation: None
      name: varlibcontainers
      readOnly: true
    - mountPath: /var/log/
      mountPropagation: None
      name: varlogs
      readOnly: true
    - mountPath: /var/log/journal
      mountPropagation: None
      name: systemd
      readOnly: true
    - mountPath: /fluent-bit/tail
      name: positions
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: kube-api-access-bx98g
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  initContainers:
  - command:
    - chown
    - 3301:3301
    - /fluent-bit
    image: registry.hub.docker.com/library/alpine:3.12.0
    imagePullPolicy: IfNotPresent
    name: chowner-fb-storage
    resources: {}
    securityContext:
      capabilities:
        add:
        - CHOWN
        drop:
        - all
      readOnlyRootFilesystem: true
      runAsNonRoot: false
      runAsUser: 0
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /fluent-bit
      name: positions
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: kube-api-access-bx98g
      readOnly: true
  nodeName: minikube
  preemptionPolicy: PreemptLowerPriority
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: fluent-bit
  serviceAccountName: fluent-bit
  terminationGracePeriodSeconds: 30
  tolerations:
  - operator: Exists
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
  - effect: NoSchedule
    key: node.kubernetes.io/disk-pressure
    operator: Exists
  - effect: NoSchedule
    key: node.kubernetes.io/memory-pressure
    operator: Exists
  - effect: NoSchedule
    key: node.kubernetes.io/pid-pressure
    operator: Exists
  - effect: NoSchedule
    key: node.kubernetes.io/unschedulable
    operator: Exists
  volumes:
  - name: config
    secret:
      defaultMode: 420
      secretName: fluent-bit-config
  - hostPath:
      path: /var/lib/docker/containers
      type: ""
    name: varlibcontainers
  - hostPath:
      path: /var/log
      type: ""
    name: varlogs
  - hostPath:
      path: /var/log/journal
      type: ""
    name: systemd
  - hostPath:
      path: /var/lib/fluent-bit/
      type: ""
    name: positions
  - name: kube-api-access-bx98g
    projected:
      defaultMode: 420
      sources:
      - serviceAccountToken:
          expirationSeconds: 3607
          path: token
      - configMap:
          items:
          - key: ca.crt
            path: ca.crt
          name: kube-root-ca.crt
      - downwardAPI:
          items:
          - fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
            path: namespace
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2024-07-03T19:04:49Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2024-07-03T19:04:57Z"
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: "2024-07-03T19:04:57Z"
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2024-07-03T19:04:48Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: docker://c725a321374ebec5c772a78079da6636859345462a25e229879d3ed596b7fb8a
    image: kubesphere/fluent-bit:v2.2.2
    imageID: docker-pullable://kubesphere/fluent-bit@sha256:2b7080983728ddef78e9f78feb31116bc6ed97affa04f09d42e9540bf6331da3
    lastState: {}
    name: fluent-bit
    ready: true
    restartCount: 0
    started: true
    state:
      running:
        startedAt: "2024-07-03T19:04:57Z"
  hostIP: 192.168.58.2
  initContainerStatuses:
  - containerID: docker://2e2fc23b936f2a4f2373654d74103f1443ca1ad19917cdb3abdc7abf7b063d25
    image: registry.hub.docker.com/library/alpine:3.12.0
    imageID: docker-pullable://registry.hub.docker.com/library/alpine@sha256:185518070891758909c9f839cf4ca393ee977ac378609f700f60a771a2dfe321
    lastState: {}
    name: chowner-fb-storage
    ready: true
    restartCount: 0
    state:
      terminated:
        containerID: docker://2e2fc23b936f2a4f2373654d74103f1443ca1ad19917cdb3abdc7abf7b063d25
        exitCode: 0
        finishedAt: "2024-07-03T19:04:48Z"
        reason: Completed
        startedAt: "2024-07-03T19:04:48Z"
  phase: Running
  podIP: 10.244.0.30
  podIPs:
  - ip: 10.244.0.30
  qosClass: Burstable
  startTime: "2024-07-03T19:04:48Z"

If the bug persists, can you give me some more information?