Open onap4105 opened 5 months ago
Hey @onap4105,
I followed your instructions and tried to reproduce the issue. For me, everything worked well.
Adding this to values.yaml under the fluentbit section:
fluentbit:
  # initContainers test run as non root user
  initContainers:
    - name: chowner-fb-storage
      image: registry.hub.docker.com/library/alpine:3.12.0
      command: ["chown", "3301:3301", "/fluent-bit"]
      securityContext:
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["all"]
          add: ["CHOWN"]
        runAsUser: 0
        runAsNonRoot: false
      volumeMounts:
        - name: positions
          mountPath: /fluent-bit
Adjusting the fluentbit-fluentBit.yaml like this:
  {{- if .Values.fluentbit.initContainers }}
  initContainers:
{{ toYaml .Values.fluentbit.initContainers | indent 4 }}
  {{- end }}
Using the fluent-operator v2.8.0
Results of helm deployment:
NAME: fluent-operator
LAST DEPLOYED: Wed Jul 3 21:04:37 2024
NAMESPACE: fluent
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Thank you for installing fluent-operator
Your release is named fluent-operator
To learn more about the release ,try:
$ helm status fluent-operator -n fluent
$ helm get fluent-operator -n fluent
fluent-bit pod:
> k get pods fluent-bit-8shbv -oyaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: "2024-07-03T19:04:48Z"
  generateName: fluent-bit-
  labels:
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: fluent-bit
    controller-revision-hash: 6f794545d
    pod-template-generation: "1"
  name: fluent-bit-8shbv
  namespace: fluent
  ownerReferences:
  - apiVersion: apps/v1
    blockOwnerDeletion: true
    controller: true
    kind: DaemonSet
    name: fluent-bit
    uid: 7bb083fe-45a6-46d1-9a05-51d440d81381
  resourceVersion: "87333"
  uid: 9db10dfa-c2a3-4ed6-9274-b6e0cd8053da
spec:
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchFields:
          - key: metadata.name
            operator: In
            values:
            - minikube
  containers:
  - env:
    - name: NODE_NAME
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: spec.nodeName
    - name: HOST_IP
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: status.hostIP
    image: kubesphere/fluent-bit:v2.2.2
    imagePullPolicy: IfNotPresent
    name: fluent-bit
    ports:
    - containerPort: 2020
      name: metrics
      protocol: TCP
    resources:
      limits:
        cpu: 500m
        memory: 200Mi
      requests:
        cpu: 10m
        memory: 25Mi
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /fluent-bit/config
      name: config
      readOnly: true
    - mountPath: /var/lib/docker/containers
      mountPropagation: None
      name: varlibcontainers
      readOnly: true
    - mountPath: /var/log/
      mountPropagation: None
      name: varlogs
      readOnly: true
    - mountPath: /var/log/journal
      mountPropagation: None
      name: systemd
      readOnly: true
    - mountPath: /fluent-bit/tail
      name: positions
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: kube-api-access-bx98g
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  initContainers:
  - command:
    - chown
    - 3301:3301
    - /fluent-bit
    image: registry.hub.docker.com/library/alpine:3.12.0
    imagePullPolicy: IfNotPresent
    name: chowner-fb-storage
    resources: {}
    securityContext:
      capabilities:
        add:
        - CHOWN
        drop:
        - all
      readOnlyRootFilesystem: true
      runAsNonRoot: false
      runAsUser: 0
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /fluent-bit
      name: positions
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: kube-api-access-bx98g
      readOnly: true
  nodeName: minikube
  preemptionPolicy: PreemptLowerPriority
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: fluent-bit
  serviceAccountName: fluent-bit
  terminationGracePeriodSeconds: 30
  tolerations:
  - operator: Exists
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
  - effect: NoSchedule
    key: node.kubernetes.io/disk-pressure
    operator: Exists
  - effect: NoSchedule
    key: node.kubernetes.io/memory-pressure
    operator: Exists
  - effect: NoSchedule
    key: node.kubernetes.io/pid-pressure
    operator: Exists
  - effect: NoSchedule
    key: node.kubernetes.io/unschedulable
    operator: Exists
  volumes:
  - name: config
    secret:
      defaultMode: 420
      secretName: fluent-bit-config
  - hostPath:
      path: /var/lib/docker/containers
      type: ""
    name: varlibcontainers
  - hostPath:
      path: /var/log
      type: ""
    name: varlogs
  - hostPath:
      path: /var/log/journal
      type: ""
    name: systemd
  - hostPath:
      path: /var/lib/fluent-bit/
      type: ""
    name: positions
  - name: kube-api-access-bx98g
    projected:
      defaultMode: 420
      sources:
      - serviceAccountToken:
          expirationSeconds: 3607
          path: token
      - configMap:
          items:
          - key: ca.crt
            path: ca.crt
          name: kube-root-ca.crt
      - downwardAPI:
          items:
          - fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
            path: namespace
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2024-07-03T19:04:49Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2024-07-03T19:04:57Z"
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: "2024-07-03T19:04:57Z"
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2024-07-03T19:04:48Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: docker://c725a321374ebec5c772a78079da6636859345462a25e229879d3ed596b7fb8a
    image: kubesphere/fluent-bit:v2.2.2
    imageID: docker-pullable://kubesphere/fluent-bit@sha256:2b7080983728ddef78e9f78feb31116bc6ed97affa04f09d42e9540bf6331da3
    lastState: {}
    name: fluent-bit
    ready: true
    restartCount: 0
    started: true
    state:
      running:
        startedAt: "2024-07-03T19:04:57Z"
  hostIP: 192.168.58.2
  initContainerStatuses:
  - containerID: docker://2e2fc23b936f2a4f2373654d74103f1443ca1ad19917cdb3abdc7abf7b063d25
    image: registry.hub.docker.com/library/alpine:3.12.0
    imageID: docker-pullable://registry.hub.docker.com/library/alpine@sha256:185518070891758909c9f839cf4ca393ee977ac378609f700f60a771a2dfe321
    lastState: {}
    name: chowner-fb-storage
    ready: true
    restartCount: 0
    state:
      terminated:
        containerID: docker://2e2fc23b936f2a4f2373654d74103f1443ca1ad19917cdb3abdc7abf7b063d25
        exitCode: 0
        finishedAt: "2024-07-03T19:04:48Z"
        reason: Completed
        startedAt: "2024-07-03T19:04:48Z"
  phase: Running
  podIP: 10.244.0.30
  podIPs:
  - ip: 10.244.0.30
  qosClass: Burstable
  startTime: "2024-07-03T19:04:48Z"
If the bug persists, can you give me some more information?
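Added example, not part of the original thread or the fluent-operator chart: a Python audit of a pod spec like the one above, checking that a root init container keeps only the CHOWN capability and that the main container runs as the UID the directory was chowned to. POD is a constructed sample trimmed to the fields read; ALLOWED_ADD and the function names are assumptions of this example.

```python
# Added example (not project code). POD is a constructed sample holding only
# the fields this audit reads, with values copied from the pod dump above.
ALLOWED_ADD = {"CHOWN"}  # assumption: a chown init container needs nothing else

POD = {"spec": {
    "securityContext": {},
    "initContainers": [{
        "name": "chowner-fb-storage",
        "command": ["chown", "3301:3301", "/fluent-bit"],
        "securityContext": {
            "capabilities": {"add": ["CHOWN"], "drop": ["all"]},
            "readOnlyRootFilesystem": True,
            "runAsNonRoot": False,
            "runAsUser": 0,
        },
    }],
    "containers": [{"name": "fluent-bit"}],  # no securityContext in the dump
}}


def effective_uid(pod_sc, c_sc):
    """Container-level runAsUser overrides pod-level; None means image default."""
    return c_sc.get("runAsUser", pod_sc.get("runAsUser"))


def audit(pod):
    """Return findings for root init containers and chown/runAsUser mismatches."""
    spec = pod["spec"]
    pod_sc = spec.get("securityContext") or {}
    findings, chown_uids = [], set()
    for c in spec.get("initContainers", []):
        sc = c.get("securityContext") or {}
        caps = sc.get("capabilities") or {}
        drop = {x.upper() for x in caps.get("drop", [])}  # compare case-insensitively
        add = {x.upper() for x in caps.get("add", [])}
        if effective_uid(pod_sc, sc) in (0, None):  # root, or unknown image default
            if "ALL" not in drop:
                findings.append(f"{c['name']}: root without drop ALL")
            if add - ALLOWED_ADD:
                findings.append(f"{c['name']}: extra capabilities {sorted(add - ALLOWED_ADD)}")
            if not sc.get("readOnlyRootFilesystem"):
                findings.append(f"{c['name']}: root with writable root filesystem")
        cmd = c.get("command") or []
        if cmd[:1] == ["chown"] and len(cmd) > 1:
            chown_uids.add(cmd[1].split(":")[0])  # owner part of "uid:gid"
    for c in spec.get("containers", []):
        uid = effective_uid(pod_sc, c.get("securityContext") or {})
        if chown_uids and str(uid) not in chown_uids:
            findings.append(f"{c['name']}: runAsUser={uid}, chown target {sorted(chown_uids)}")
    return findings
```

On the sample the only finding is that fluent-bit has no runAsUser, so the ownership change to 3301 only helps if the image's default user is 3301 or runAsUser is set to it.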
Describe the issue
I made these changes in values.yaml for supporting non root user
changes in fluentbit-fluentBit.yaml
To Reproduce
run "helm install fluent-operator -n fluentbit ./fluent-operator/" with above changes
Expected behavior
no warning and Error with "helm install fluent-operator -n fluentbit ./fluent-operator/"
Your Environment
How did you install fluent operator?
helm install fluent-operator -n fluentbit ./fluent-operator/
Additional context
No response