Deploying Paralus to Autopilot GKE failed - policy violation #54

Open
1 of 2 tasks
akshay196 opened this issue Aug 19, 2022 · 0 comments
Labels
bug Something isn't working needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one.

Comments

@akshay196
Member

Expected vs actual behavior

  • Should install Paralus on Autopilot GKE using Helm chart

Steps to reproduce the bug

  1. Install Paralus ZTKA helm chart on Autopilot GKE cluster

Are you using the latest version of the project?

You can check your version by running helm ls|grep '^<deployment-name>' or using pctl, pctl version, and provide the output.

  • Helm chart ZTKA v0.1.0

What is your environment setup? Please tell us your cloud provider, operating system, and include the output of kubectl version --output=yaml and helm version. Any other information that you have, e.g. logs and custom values, is highly appreciated!

Error log:

Error: release paralus failed, and has been uninstalled due to atomic being set: admission webhook "gkepolicy.common-webhooks.networking.gke.io" denied the request: GKE Policy Controller rejected the request because it violates one or more policies: {"[denied by autogke-no-write-mode-hostpath]":["hostPath volume data in container filebeat is accessed in write mode; disallowed in Autopilot. Requested by user: '[email protected]', groups: 'system:authenticated'.","hostPath volume varlibdockercontainers used in container filebeat uses path /var/lib/docker/containers which is not allowed in Autopilot. Allowed path prefixes for hostPath volumes are: [/var/log/]. Requested by user: '[email protected]', groups: 'system:authenticated'.","hostPath volume varrundockersock used in container filebeat uses path /var/run/docker.sock which is not allowed in Autopilot. Allowed path prefixes for hostPath volumes are: [/var/log/]. Requested by user: '[email protected]', groups: 'system:authenticated'."]}

(optional) If you have ideas on why the bug happens or how it can be solved, please provide it here

  • Check out policy - autogke-no-write-mode-hostpath
  • And this - hostPath volume data in container filebeat is accessed in write mode
  • I've described the bug, included steps to reproduce it, and included my environment setup with all customizations.
  • I'm using the latest version of the project.
@akshay196 akshay196 added bug Something isn't working new Needs triage labels Aug 19, 2022
@akshay196 akshay196 added needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. and removed new Needs triage labels Mar 30, 2023
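
A pre-flight check for the two rules named in the error log above (hostPath paths must fall under /var/log/, and hostPath volumes must not be mounted in write mode), as an added example that is not part of the original issue or of the Paralus chart. The rules are inferred only from the quoted denial text and are not GKE's implementation; the pod spec is constructed, and the path of the `data` volume, every `mountPath` and the `readOnly` flags are assumptions.

```python
import posixpath

# Rules modelled only on the denial text quoted in this issue (an approximation,
# not GKE's implementation): hostPath must sit under /var/log/ and be read-only.
ALLOWED_PREFIXES = ("/var/log/",)

def hostpath_violations(pod_spec):
    """Return one finding per hostPath mount that the quoted policy would reject."""
    host_paths = {v["name"]: v["hostPath"]["path"]
                  for v in pod_spec.get("volumes", []) if "hostPath" in v}
    findings = []
    containers = pod_spec.get("initContainers", []) + pod_spec.get("containers", [])
    for c in containers:
        for m in c.get("volumeMounts", []):
            path = host_paths.get(m["name"])
            if path is None:
                continue  # emptyDir, configMap, etc. are out of scope here
            if not m.get("readOnly", False):  # Kubernetes mounts read-write by default
                findings.append(f"{c['name']}: {m['name']} is mounted in write mode")
            # normpath collapses ".." so /var/log/../lib cannot pass the prefix test
            if not (posixpath.normpath(path) + "/").startswith(ALLOWED_PREFIXES):
                findings.append(f"{c['name']}: {m['name']} uses disallowed path {path}")
    return findings

# Constructed pod spec. Volume and container names come from the error log; the
# path of "data", all mountPath values and the readOnly flags are assumptions.
FILEBEAT_POD = {
    "containers": [{
        "name": "filebeat",
        "volumeMounts": [
            {"name": "data", "mountPath": "/usr/share/filebeat/data"},
            {"name": "varlibdockercontainers", "mountPath": "/var/lib/docker/containers", "readOnly": True},
            {"name": "varrundockersock", "mountPath": "/var/run/docker.sock", "readOnly": True},
            {"name": "config", "mountPath": "/etc/filebeat.yml", "readOnly": True},
        ],
    }],
    "volumes": [
        {"name": "data", "hostPath": {"path": "/var/log/filebeat-data"}},
        {"name": "varlibdockercontainers", "hostPath": {"path": "/var/lib/docker/containers"}},
        {"name": "varrundockersock", "hostPath": {"path": "/var/run/docker.sock"}},
        {"name": "config", "configMap": {"name": "filebeat-config"}},
    ],
}

if __name__ == "__main__":
    for finding in hostpath_violations(FILEBEAT_POD):
        print(finding)
```

Feeding it the pod specs from rendered chart output (for example, parsed from `helm template`) surfaces these rejections before an install is attempted.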