Docker container not starting due to Kubernetes security constraints.

[mohsin106]

Please direct all support questsions to slack or the forums. Thank you.

Telegraf Container Image: telegraf:1.29.5-alpine Environment: Kubernetes After some security policies were implemented on my Kubernetes cluster my Telegraf container is not able to run as it once was.

This is the error I am getting in the container logs:

Failed to set additional capabilities on /usr/bin/telegraf
su-exec: setgroups: Operation not permitted
unable to set CAP_SETFCAP effective capability: Operation not permitted

From what I understood this is because the security policies will block any container from starting if it:

• Tries to escalate to root privileges. Pod cannot contain - securityContext: allowPrivilegeEscalation: true
• If a seccomp profile is not set.
• If any sysctls are in the deployment configuration.
• If containers perform a restricted host OS capability such as: raw packet generation, host device exposer, or mounting the docker socker outside of the Kubernetes context.

Would it be possible to update the container configurations so that it complies with these security policies?

[telegraf-tiger[bot]]

Hello! I recommend posting this question in our Community Slack or Community Forums, we have a lot of talented community members there who could help answer your question more quickly. You can also learn more about Telegraf by enrolling at InfluxDB University for free!

Heads up, this issue will be automatically closed after 7 days of inactivity. Thank you!