You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am using the bitnami distribution of the kube-prometheus helm chart and deploying it in a Kubernetes namespace which enforces restricted PSS. The init-config-reloader initContainers of both alertmanager and prometheus statefulSets are unable to be admitted to the cluster as they do not set the securityContext properly.
The statefulSet pods should be admitted to the namespace enforcing restricted PSS
Actual Result
Pods are rejected:
Prometheus StatefulSet
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning FailedCreate 2m23s (x16 over 5m7s) statefulset-controller create Pod prometheus-my-prometheus-kube-prometh-prometheus-0 in StatefulSet prometheus-my-prometheus-kube-prometh-prometheus failed error: pods "prometheus-my-prometheus-kube-prometh-prometheus-0" is forbidden: violates PodSecurity "restricted:v1.29": runAsNonRoot != true (pod or container "init-config-reloader" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "init-config-reloader" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
AlertManager StatefulSet
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning FailedCreate 49s statefulset-controller create Pod alertmanager-my-prometheus-kube-prometh-alertmanager-0 in StatefulSet alertmanager-my-prometheus-kube-prometh-alertmanager failed error: pods "alertmanager-my-prometheus-kube-prometh-alertmanager-0" is forbidden: violates PodSecurity "restricted:v1.29": runAsNonRoot != true (pod or container "init-config-reloader" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "init-config-reloader" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
Prometheus Operator Version
0.71.2
Kubernetes Version
1.29.x
Kubernetes Cluster Type
kubeadm
How did you deploy Prometheus-Operator?
Other (please comment)
Manifests
No response
prometheus-operator log output
NA
Anything else?
No response
The text was updated successfully, but these errors were encountered:
Is there an existing issue for this?
What happened?
Description
bitnami/charts#23606
I am using the bitnami distribution of the kube-prometheus helm chart and deploying it in a Kubernetes namespace which enforces restricted PSS. The init-config-reloader initContainers of both alertmanager and prometheus statefulSets are unable to be admitted to the cluster as they do not set the securityContext properly.
Steps to Reproduce
Expected Result
The statefulSet pods should be admitted to the namespace enforcing restricted PSS
Actual Result
Pods are rejected:
Prometheus StatefulSet
AlertManager StatefulSet
Prometheus Operator Version
Kubernetes Version
1.29.x
Kubernetes Cluster Type
kubeadm
How did you deploy Prometheus-Operator?
Other (please comment)
Manifests
No response
prometheus-operator log output
Anything else?
No response
The text was updated successfully, but these errors were encountered: