Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[bitnami/kube-prometheus] seLinuxOptions defaults are not valid #24159

Closed
MaxRink opened this issue Mar 5, 2024 · 5 comments · Fixed by #24268, #24555, #24645 or #24675
Closed

[bitnami/kube-prometheus] seLinuxOptions defaults are not valid #24159

MaxRink opened this issue Mar 5, 2024 · 5 comments · Fixed by #24268, #24555, #24645 or #24675
Assignees
@javsalgar @carrodher
Labels
kube-prometheus solved tech-issues The user has a technical issue about an application triage Triage is needed

Comments

@MaxRink
Copy link
Contributor

MaxRink commented Mar 5, 2024
edited by carrodher

Name and Version

bitnami/kube-prometheus 8.29.1

What architecture are you using?

None

What steps will reproduce the bug?

57a916f, b91a628 and others have set seLinuxOptions to 'null' which is not valid on non openshift clusters from an apiserver perspective
This comes up as an error from flux as flux uses serverside-apply for drift correction.
However, the root cause is sending an invalid object to the apiserver, using server-side apply.

    Message:               Could not determine release state: unable to determine cluster state: Alertmanager/monitoring-system/alertmanager-alertmanager dry-run failed (Invalid): Alertmanager.monitoring.coreos.com "alertmanager-alertmanager" is invalid: [spec.containers[0].securityContext.seLinuxOptions: Invalid value: "null": spec.containers[0].securityContext.seLinuxOptions in body must be of type object: "null", spec.containers[1].securityContext.seLinuxOptions: Invalid value: "null": spec.containers[1].securityContext.seLinuxOptions in body must be of type object: "null"]

The clean fix is not even spitting out fields that are set to null in the templating process, the quick fix is the old behavior of just having an empty object

What is the expected behavior?

Having valid defaults that the apiserver can actually diff

What do you see instead?

a broken helmRelease as the apiserver can't diff old and new states anymore
@MaxRink MaxRink added the tech-issues The user has a technical issue about an application label Mar 5, 2024
@github-actions github-actions bot added the triage Triage is needed label Mar 5, 2024
@javsalgar
Copy link
Contributor

Hi!

Thank you so much for reporting. If that's the case, then I would do the following:

  • Revert the default seLinuxOptions to an empty object
  • Update the common.compatibility.renderSecurityContext helper (which is done to perform adaptations to openshift in securityContexts) and make it omit the seLinuxOptions value if it is an empty object.

@javsalgar javsalgar changed the title kube-prometheus seLinuxOptions defaults are not valid [bitnami/kube-prometheus] seLinuxOptions defaults are not valid Mar 8, 2024
@javsalgar javsalgar mentioned this issue Mar 8, 2024
Merged
4 tasks
@javsalgar
Copy link
Contributor

I created this PR to allow returning the seLinuxOptions to empty object #24268

@github-actions github-actions bot added the solved label Mar 8, 2024
@javsalgar javsalgar reopened this Mar 8, 2024
@javsalgar
Copy link
Contributor

Reopening the issue until it is fixed in kube-prometheus.

@github-actions github-actions bot removed the solved label Mar 8, 2024
@javsalgar javsalgar mentioned this issue Mar 19, 2024
Merged
4 tasks
This was referenced Mar 25, 2024
Merged
Merged
@Zebradil
Copy link

We experience the same issue with the grafana-operator chart. Could the same solution (changing from null to {}) applied there too?

@javsalgar
Copy link
Contributor

It's here #24647

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@javsalgar javsalgar

@carrodher carrodher

Labels
kube-prometheus solved tech-issues The user has a technical issue about an application triage Triage is needed
Projects
None yet
Milestone
No milestone
4 participants
@javsalgar @Zebradil @MaxRink @carrodher