Helm installation warnings and uninstall failure #1456

Open
alongir opened this issue Nov 29, 2023 · 0 comments

alongir commented Nov 29, 2023

When using Helm on Openshift (on AWS), I see the following behavior:

1. I see the following warning when I install:

   ```
   W1129 14:23:48.829438   22854 warnings.go:70] would violate PodSecurity "restricted:latest": host namespaces (hostNetwork=true), allowPrivilegeEscalation != false (containers "sniffer", "tracer" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (containers "sniffer", "tracer" must not include "CHECKPOINT_RESTORE", "DAC_OVERRIDE", "NET_ADMIN", "NET_RAW", "SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "SYS_RESOURCE" in securityContext.capabilities.add), restricted volume types (volumes "proc", "sys" use restricted volume type "hostPath"), runAsNonRoot != true (pod or containers "sniffer", "tracer" must set securityContext.runAsNonRoot=true), seccompProfile (pod or containers "sniffer", "tracer" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
   W1129 14:23:48.907067   22854 warnings.go:70] would violate PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "kubeshark-hub" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "kubeshark-hub" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "kubeshark-hub" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "kubeshark-hub" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
   W1129 14:23:48.908988   22854 warnings.go:70] would violate PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "kubeshark-front" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "kubeshark-front" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "kubeshark-front" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "kubeshark-front" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
   ```

2. When I try to uninstall with helm I see this:

   ```
   helm uninstall kubeshark-os
   Error: failed to delete release: kubeshark-os
   ```

   When I try to install again, using the same name, I see this:

   ```
   helm install kubeshark-os . --set tap.proxy.worker.srvPort=30001
   Error: INSTALLATION FAILED: cannot re-use a name that is still in use
   ```

   Hence, I can't install Kubeshark twice in the same namespace.

3. Similar problems occur when installing with the CLI.

TBD
Ensure eBPF/Openshift support

@alongir alongir self-assigned this Nov 29, 2023
@alongir alongir added the bug Something isn't working label Nov 29, 2023
@alongir alongir assigned kcns008 and unassigned alongir Nov 29, 2023
@alongir alongir assigned alongir and berezins and unassigned alongir and berezins Dec 7, 2023
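
Added example (not part of the issue or Kubeshark's own code): a small parser that turns PodSecurity admission warnings of the shape quoted in the report into per-check findings, so pod-level violations and per-container violations can be triaged separately. The sample lines are constructed by abridging the warnings in the issue, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: abridged from the warning shapes quoted in the issue.
SAMPLE = [
    'W1129 14:23:48.829438   22854 warnings.go:70] would violate PodSecurity '
    '"restricted:latest": host namespaces (hostNetwork=true), unrestricted '
    'capabilities (containers "sniffer", "tracer" must not include "NET_ADMIN", '
    '"SYS_ADMIN" in securityContext.capabilities.add), restricted volume types '
    '(volumes "proc", "sys" use restricted volume type "hostPath")',
    'W1129 14:23:48.907067   22854 warnings.go:70] would violate PodSecurity '
    '"restricted:latest": allowPrivilegeEscalation != false (container '
    '"kubeshark-hub" must set securityContext.allowPrivilegeEscalation=false), '
    'runAsNonRoot != true (pod or container "kubeshark-hub" must set '
    'securityContext.runAsNonRoot=true)',
]

HEADER = re.compile(r'would violate PodSecurity "([^":]+):([^"]+)":\s*(.*)$')
# One finding is "<check name> (<detail>)"; details never nest parentheses.
CHECK = re.compile(r'([^(),]+)\(([^()]*)\)')
# Quoted names that directly follow "container(s)" or "volume(s)".
SUBJECTS = re.compile(r'\b(container|volume)s?\s+((?:"[^"]+"(?:,\s*)?)+)')

def parse_warning(line):
    """Return level, version and findings for one warning line, else None."""
    m = HEADER.search(line)
    if not m:
        return None
    level, version, body = m.groups()
    findings = []
    for check, detail in CHECK.findall(body):
        s = SUBJECTS.search(detail)
        kind = s.group(1) if s else "pod"
        names = re.findall(r'"([^"]+)"', s.group(2)) if s else []
        findings.append({"check": check.strip(), "kind": kind,
                         "names": names, "detail": detail})
    return {"level": level, "version": version, "findings": findings}

def summarize(lines):
    """Map each violated check to the sorted subjects that trigger it."""
    by_check = defaultdict(set)
    for line in lines:
        parsed = parse_warning(line)
        for f in (parsed["findings"] if parsed else []):
            by_check[f["check"]].update(f["names"] or ["<pod>"])
    return {check: sorted(names) for check, names in by_check.items()}

if __name__ == "__main__":
    for check, subjects in summarize(SAMPLE).items():
        print(f"{check}: {', '.join(subjects)}")
```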