Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

podSecurityContext does not work using Helm values template #254

Open
lisenet opened this issue Aug 3, 2023 · 0 comments
Open

podSecurityContext does not work using Helm values template #254

lisenet opened this issue Aug 3, 2023 · 0 comments

Comments

@lisenet
Copy link

lisenet commented Aug 3, 2023

Using Helm values.yaml file to set podSecurityContext following commit a034c94 does not seem to work.

Attempt 1

Snippet from the values.yaml that is in use when the problem happens:

podSecurityContext:
  runAsNonRoot: true
  runAsUser: 1001
  runAsGroup: 1001
  fsGroup: 1001

The following error appears:

Failed to open custom log directory at /var/log/kube-monkey; defaulting to /tmp! Error: mkdir /var/log: permission denied

Fair enough, the user may not have privileges to write to /var/log.

Attempt 2

Updating values.yaml file to point container to the /tmp directory for logs where it should be able to write to:

args:
  logLevel: 5
  logDir: /tmp/kube-monkey

podSecurityContext:
  runAsNonRoot: true
  runAsUser: 1001
  runAsGroup: 1001
  fsGroup: 1001

Another error appears, the container can't create /tmp/kube-monkey/:

Failed to open custom log directory at /tmp/kube-monkey; defaulting to /tmp! Error: mkdir /tmp: permission denied

Attempt 3

Another update to the values.yaml file to remove /tmp from the path:

args:
  logLevel: 5
  logDir: /kube-monkey

podSecurityContext:
  runAsNonRoot: true
  runAsUser: 1001
  runAsGroup: 1001
  fsGroup: 1001

The error:

Failed to open custom log directory at /tmp; defaulting to /tmp! Error: mkdir /tmp: permission denied

If it's defaulting to /tmp, why does it attempt to create /tmp?

Attempt 4

Going for plain / for the logDir this time:

args:
  logLevel: 5
  logDir: /

podSecurityContext:
  runAsNonRoot: true
  runAsUser: 1001
  runAsGroup: 1001
  fsGroup: 1001

The error:

log: exiting because of error: log: cannot create log: open /tmp/kube-monkey.kubemonkey-kube-monkey-56fb8ccbbf-ww8q6.unknownuser.log.INFO.20230803-141834.1: no such file or directory

Question

Was this merged without being tested? Can you post a working example of the Helm values.file?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@lisenet