Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"enablePrometheusStack" is not working on Openshift with Security Context enabled #1544

Open
Rajpratik71 opened this issue Sep 6, 2024 · 1 comment
Open

"enablePrometheusStack" is not working on Openshift with Security Context enabled #1544

Rajpratik71 opened this issue Sep 6, 2024 · 1 comment

Comments

@Rajpratik71
Copy link
Contributor

Describe the bug

Want to install "Robusta" on OpenShift with bundled "kube-prometheus-stack", but it failing.

To Reproduce
Steps to reproduce the behavior:

  1. Use below additional-values.yaml
openshift:
  enabled: true
  createScc: true
  createPrivilegedScc: true
playbooksPersistentVolume: true
grafanaRenderer:
  enableContainer: true
enablePlatformPlaybooks: true
runner:
  sendAdditionalTelemetry: true
  additional_env_vars: []
# enabledManagedConfiguration: true # Enable managed alerts
enablePrometheusStack: true
prometheus:
  prometheusSpec:
    retention: 15d #change the number of days here
# Customize settings
kube-prometheus-stack:
  grafana:
    persistence:
      enabled: true
  1. Then , try to install with below command
helm repo add robusta https://robusta-charts.storage.googleapis.com && helm repo update

INF_NODE=$(oc cluster-info | grep "Kubernetes control plane" | awk -F'//' '{print $2}' | awk -F'.' '{print $2}')

oc new-project robusta

helm upgrade -n robusta robusta robusta/robusta -f openshift-values.yaml --set clusterName=${INF_NODE} --install

Expected behavior

Install should be successful.

Screenshots

Error: failed pre-install: 1 error occurred:
        * timed out waiting for the condition

pratikraj@Pratiks-MacBook-Pro robusta % 
pratikraj@Pratiks-MacBook-Pro robusta % helm list -n robusta       
NAME    NAMESPACE       REVISION        UPDATED                                 STATUS  CHART           APP VERSION
robusta robusta         1               2024-09-07 02:01:39.892112 +0530 IST    failed  robusta-0.17.0  0.17.0     
pratikraj@Pratiks-MacBook-Pro robusta % 
pratikraj@Pratiks-MacBook-Pro robusta % oc get all -n robusta
Warning: apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+
NAME                                                    COMPLETIONS   DURATION   AGE
job.batch/robusta-kube-prometheus-st-admission-create   0/1           6m34s      6m34s
pratikraj@Pratiks-MacBook-Pro robusta %

Additional context

Describe of failed job

pratikraj@Pratiks-MacBook-Pro robusta % 
pratikraj@Pratiks-MacBook-Pro robusta % oc -n robusta describe job.batch/robusta-kube-prometheus-st-admission-create
Name:             robusta-kube-prometheus-st-admission-create
Namespace:        robusta
Selector:         batch.kubernetes.io/controller-uid=1c82a6f2-6340-48e4-b027-08f6da35b7df
Labels:           app=kube-prometheus-stack-admission-create
                  app.kubernetes.io/instance=robusta
                  app.kubernetes.io/managed-by=Helm
                  app.kubernetes.io/part-of=kube-prometheus-stack
                  app.kubernetes.io/version=55.7.0
                  chart=kube-prometheus-stack-55.7.0
                  heritage=Helm
                  release=robusta
Annotations:      batch.kubernetes.io/job-tracking: 
                  helm.sh/hook: pre-install,pre-upgrade
                  helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
Parallelism:      1
Completions:      1
Completion Mode:  NonIndexed
Start Time:       Sat, 07 Sep 2024 02:02:49 +0530
Pods Statuses:    0 Active (0 Ready) / 0 Succeeded / 0 Failed
Pod Template:
  Labels:           app=kube-prometheus-stack-admission-create
                    app.kubernetes.io/instance=robusta
                    app.kubernetes.io/managed-by=Helm
                    app.kubernetes.io/part-of=kube-prometheus-stack
                    app.kubernetes.io/version=55.7.0
                    batch.kubernetes.io/controller-uid=1c82a6f2-6340-48e4-b027-08f6da35b7df
                    batch.kubernetes.io/job-name=robusta-kube-prometheus-st-admission-create
                    chart=kube-prometheus-stack-55.7.0
                    controller-uid=1c82a6f2-6340-48e4-b027-08f6da35b7df
                    heritage=Helm
                    job-name=robusta-kube-prometheus-st-admission-create
                    release=robusta
  Service Account:  robusta-kube-prometheus-st-admission
  Containers:
   create:
    Image:      registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20221220-controller-v1.5.1-58-g787ea74b6
    Port:       <none>
    Host Port:  <none>
    Args:
      create
      --host=robusta-kube-prometheus-st-operator,robusta-kube-prometheus-st-operator.robusta.svc
      --namespace=robusta
      --secret-name=robusta-kube-prometheus-st-admission
    Environment:  <none>
    Mounts:       <none>
  Volumes:        <none>
Events:
  Type     Reason        Age                From            Message
  ----     ------        ----               ----            -------
  Warning  FailedCreate  87s (x8 over 12m)  job-controller  Error creating: pods "robusta-kube-prometheus-st-admission-create-" is forbidden: unable to validate against any security context constraint: [provider "anyuid": Forbidden: not usable by user or serviceaccount, provider "mongodb-scc": Forbidden: not usable by user or serviceaccount, provider restricted-v2: .containers[0].runAsUser: Invalid value: 2000: must be in the ranges: [1000760000, 1000769999], provider "restricted": Forbidden: not usable by user or serviceaccount, provider "nonroot-v2": Forbidden: not usable by user or serviceaccount, provider "nonroot": Forbidden: not usable by user or serviceaccount, provider "noobaa-db": Forbidden: not usable by user or serviceaccount, provider "noobaa": Forbidden: not usable by user or serviceaccount, provider "noobaa-endpoint": Forbidden: not usable by user or serviceaccount, provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount, provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount, provider "hostnetwork-v2": Forbidden: not usable by user or serviceaccount, provider "hostnetwork": Forbidden: not usable by user or serviceaccount, provider "hostaccess": Forbidden: not usable by user or serviceaccount, provider "rook-ceph": Forbidden: not usable by user or serviceaccount, provider "node-exporter": Forbidden: not usable by user or serviceaccount, provider "rook-ceph-csi": Forbidden: not usable by user or serviceaccount, provider "privileged": Forbidden: not usable by user or serviceaccount]
pratikraj@Pratiks-MacBook-Pro robusta %
@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 6, 2024

Hi 👋, thanks for opening an issue! Please note, it may take some time for us to respond, but we'll get back to you as soon as we can!

  • 💬 Slack Community: Join Robusta team and other contributors on Slack here.
  • 📖 Docs: Find our documentation here.
  • 🎥 YouTube Channel: Watch our videos here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Rajpratik71