Open uhthomas opened 1 year ago
Any updates?
I ran into the same issue when deploying the Loki Helm Chart:
Warning FailedCreate 60m daemonset-controller Error creating: pods "grafana-loki-logs-ccn4k" is forbidden: violates PodSecurity "baseline:latest": hostPath volumes (volumes "varlog", "dockerlogs", "data"), privileged (container "grafana-agent" must not set securityContext.privileged=true)
Is this linked to #2781?
I've been trying to install Grafana Agent Operator and get it set up properly for a while and have been struggling.
https://grafana.com/docs/grafana-cloud/kubernetes-monitoring/configuration/config-k8s-agent-guide/#configure-grafana-agent-for-metrics
I have applied the exact manifests suggested by the Grafana Agent Operator manifest generator and it does not work. It turns out the DaemonSets violate the cluster PodSecurity policy of "baseline", which isn't that strict.
Looking deeper:
Following from https://github.com/grafana/agent/issues/3363, some feedback would have gone a long way. There were no logs from the operator or the agent, no events on the CRDs (LogsInstance, Integrations). Even just something simple like
created daemonset <namespace>/<name>
would have given me enough information to know it was actually trying to do something. For now, the workaround will be to grant the namespace elevated privileges.
Grafana Agent Operator Manifest Generator
The generated manifests:
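
An added example, not part of the original issue and not the operator's generated manifests: an offline check that reports the two PodSecurity "baseline" violations named in the event quoted in this thread (hostPath volumes and privileged containers) before a workload is applied. The function names, the sample DaemonSet, its paths and its image are assumptions, and the rest of the baseline profile is not checked.

```python
# Added example: two "baseline" PodSecurity rules only (hostPath, privileged).

def pod_spec_of(manifest):
    """Pod spec of a Pod, or of a templated workload such as a DaemonSet."""
    spec = manifest.get("spec") or {}
    if manifest.get("kind") == "Pod":
        return spec
    return (spec.get("template") or {}).get("spec") or {}

def quoted(names):
    return ", ".join('"%s"' % n for n in names)

def baseline_violations(manifest):
    """List violations, worded like the admission event quoted in the thread."""
    spec, found = pod_spec_of(manifest), []
    host_paths = [v["name"] for v in spec.get("volumes") or []
                  if v.get("hostPath") is not None]
    if host_paths:
        found.append("hostPath volumes (volumes %s)" % quoted(host_paths))
    containers = []
    for field in ("initContainers", "containers", "ephemeralContainers"):
        containers.extend(spec.get(field) or [])
    privileged = [c["name"] for c in containers
                  if (c.get("securityContext") or {}).get("privileged") is True]
    if privileged:
        noun = "container" if len(privileged) == 1 else "containers"
        found.append("privileged (%s %s must not set securityContext.privileged=true)"
                     % (noun, quoted(privileged)))
    return found

# Constructed DaemonSet shaped after the quoted event; paths and image are
# made up and this is not the operator's generated manifest.
SAMPLE = {
    "kind": "DaemonSet",
    "spec": {"template": {"spec": {
        "containers": [{"name": "grafana-agent", "image": "example/agent:0.0.0",
                        "securityContext": {"privileged": True}}],
        "volumes": [
            {"name": "varlog", "hostPath": {"path": "/var/log"}},
            {"name": "dockerlogs", "hostPath": {"path": "/var/lib/docker/containers"}},
            {"name": "data", "hostPath": {"path": "/var/lib/example-agent"}},
            {"name": "config", "secret": {"secretName": "example-config"}},
        ],
    }}},
}

if __name__ == "__main__":
    for violation in baseline_violations(SAMPLE):
        print('violates PodSecurity "baseline":', violation)
```

Running a check like this in CI surfaces the rejection that otherwise only appears as a `FailedCreate` event on the DaemonSet.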