You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I had issues deploying this chart in openshift 4.12. The error is permission denied in node filesystem: [2024/03/26 19:52:25] [ info] [sp] stream processor started 42[2024/03/26 19:52:30] [error] [input:tail:tail.0] read error, check permissions: /var/log/containers/*demo*.log 43[2024/03/26 19:52:30] [ warn] [input:tail:tail.0] error scanning path: /var/log/containers/*demo*.log
As I see, there is no default Security Context defined in values. I don't know why it is defined that way. From my understanding SCC is not enough to grant permissions for the pods to access node file system, as it is only a constraint, not a request. Here is some doc
Browsing, I found several users with the same problem. In some solutions I found this CS is added to make it work:
I first place I don't know if this is compliant with least privilegie principle.
Applying this SC, I see that this fail because of the SCC in this line.
In my case I got this error: provider fluent-bit: .containers[0].seLinuxOptions.level: Invalid value: "": must be s0:c37,c24, provider fluent-bit: .containers[0].seLinuxOptions.type: Invalid value: "spc_t": must be ,
I made it work changing SCC to this value:
seLinuxContext:
type: RunAsAny
In a deployment is important to check if the sa is actually associated to the scc deployed by the chart, as it can match with a previous one.
If it is possible for you check it and post your comments.
Thank you in advance.
The text was updated successfully, but these errors were encountered:
Hello community,
I had issues deploying this chart in openshift 4.12. The error is permission denied in node filesystem:
[2024/03/26 19:52:25] [ info] [sp] stream processor started 42[2024/03/26 19:52:30] [error] [input:tail:tail.0] read error, check permissions: /var/log/containers/*demo*.log 43[2024/03/26 19:52:30] [ warn] [input:tail:tail.0] error scanning path: /var/log/containers/*demo*.log
As I see, there is no default Security Context defined in values. I don't know why it is defined that way. From my understanding SCC is not enough to grant permissions for the pods to access node file system, as it is only a constraint, not a request. Here is some doc
Browsing, I found several users with the same problem. In some solutions I found this CS is added to make it work:
I first place I don't know if this is compliant with least privilegie principle.
Applying this SC, I see that this fail because of the SCC in this line.
In my case I got this error:
provider fluent-bit: .containers[0].seLinuxOptions.level: Invalid value: "": must be s0:c37,c24, provider fluent-bit: .containers[0].seLinuxOptions.type: Invalid value: "spc_t": must be ,
I made it work changing SCC to this value:
In a deployment is important to check if the sa is actually associated to the scc deployed by the chart, as it can match with a previous one.
If it is possible for you check it and post your comments.
Thank you in advance.
The text was updated successfully, but these errors were encountered: