Closed winston0410 closed 4 months ago
I am trying to harden vector, and I have the following securityContext. This is a kustomize patch:
```yaml
spec:
  template:
    spec:
      automountServiceAccountToken: false
      securityContext:
        fsGroup: 65534
        seccompProfile:
          type: RuntimeDefault
      containers:
        - imagePullPolicy: IfNotPresent
          name: vector
          image: timberio/vector:0.38.X-debian
          securityContext:
            runAsNonRoot: true
            runAsUser: 65534
            runAsGroup: 65534
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
```
After setting that, I have the following error:
2024-07-04T22:33:56.683347Z ERROR source{component_kind="source" component_id=kubernetes_logs component_type=kubernetes_logs}:file_server: vector::internal_events::file::source: Failed reading file for fingerprinting. file=/var/log/pods/knative-eventing_eventing-controller-7d97757877-j66wl_5967ff0d-41b1-4c55-9a91-93c5db5d73a9/eventing-controller/0.log error=Permission denied (os error 13) error_code="reading_fingerprint" error_type="reader_failed" stage="receiving" internal_log_rate_limit=true
I have tried to add `CAP_DAC_OVERRIDE` and `CHOWN` to the capabilities, but I still have the same error. What capabilities do I need to add to the container to make the above error disappear?