Open ocofaigh opened 8 months ago
Oh, I found the issue. I had to explicitly add this to the initContainer:
securityContext:
  privileged: true
  runAsUser: 0
This is missing from the doc here -> https://github.com/logdna/logdna-agent-v2/blob/master/docs/KUBERNETES.md#enabling-file-offset-tracking-across-restarts
Environment: IBM Cloud Openshift cluster 4.13
Steps:
git clone git@github.com:logdna/logdna-agent-v2.git
cd logdna-agent-v2
git checkout 3.9.1
oc new-project logdna-agent
oc create serviceaccount logdna-agent
oc create secret generic logdna-agent-key --from-literal=logdna-agent-key=XXXXXX
oc adm policy add-scc-to-user privileged system:serviceaccount:logdna-agent:logdna-agent
k8s/agent-resources-openshift.yaml with the following changes: volume-mount-permissions-fix initContainer (using these steps)

Problem: The initContainer fails with:
Why would the initContainer running as root with the privileged SCC not be able to set permissions on /var/lib/logdna?

I even exec into the initContainer, and can see this:
Here is the final yaml I used: