Deploying the node-exporter DaemonSet on an OCP cluster fails with: Host network is not allowed to be used provider restricted


Environment

OCP 3.11

Symptom

node-exporter is deployed as a DaemonSet and needs the host network mode.

On OCP the deployment never comes up. The status of the node-exporter ds shows:

oc describe ds node-exporter
Events:
  Type     Reason        Age                From                  Message
  ----     ------        ----               ----                  -------
  Warning  FailedCreate  5s (x13 over 26s)  daemonset-controller  Error creating: pods "node-exporter-" is forbidden: unable to validate against any security context constraint: [provider restricted: .spec.securityContext.hostNetwork: Invalid value: true: Host network is not allowed to be used provider restricted: .spec.securityContext.hostPID: Invalid value: true: Host PID is not allowed to be used spec.volumes[0]: Invalid value: "hostPath": hostPath volumes are not allowed to be used spec.volumes[1]: Invalid value: "hostPath": hostPath volumes are not allowed to be used spec.volumes[2]: Invalid value: "hostPath": hostPath volumes are not allowed to be used spec.containers[0].securityContext.hostNetwork: Invalid value: true: Host network is not allowed to be used spec.containers[0].securityContext.containers[1].hostPort: Invalid value: 9100: Host ports are not allowed to be used spec.containers[0].securityContext.hostPID: Invalid value: true: Host PID is not allowed to be used spec.containers[1].securityContext.hostNetwork: Invalid value: true: Host network is not allowed to be used spec.containers[1].securityContext.containers[1].hostPort: Invalid value: 9100: Host ports are not allowed to be used spec.containers[1].securityContext.hostPID: Invalid value: true: Host PID is not allowed to be used]

Solution

https://adam.younglogic.com/2017/06/creating-a-privileged-container-in-openshift/

The node-exporter DaemonSet has a corresponding service account named node-exporter. To resolve the problem, this service account must be granted the corresponding permission.

oc adm policy add-scc-to-user privileged -n openshift-monitoring -z node-exporter

Problem solved.
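The privileged SCC permits more than the host features named in the FailedCreate event. As an added example (not from the original post), this sketch maps the denial phrases in that event to the SCC fields that allow them and builds a narrower SCC for the same service account. The SCC name node-exporter-host, the apiVersion and the non-host strategy values (copied from the restricted SCC's defaults) are assumptions.

```python
import json

# Constructed sample: shortened copy of the FailedCreate message quoted above.
SAMPLE_EVENT = (
    'pods "node-exporter-" is forbidden: unable to validate against any security '
    'context constraint: [provider restricted: .spec.securityContext.hostNetwork: '
    'Invalid value: true: Host network is not allowed to be used '
    '.spec.securityContext.hostPID: Invalid value: true: Host PID is not allowed to be used '
    'spec.volumes[0]: Invalid value: "hostPath": hostPath volumes are not allowed to be used '
    'spec.containers[0].securityContext.containers[1].hostPort: Invalid value: 9100: '
    'Host ports are not allowed to be used]'
)

# Denial phrase from the event -> SCC field that permits that host feature.
DENIAL_TO_FIELD = {
    "Host network is not allowed": "allowHostNetwork",
    "Host PID is not allowed": "allowHostPID",
    "Host ports are not allowed": "allowHostPorts",
    "hostPath volumes are not allowed": "allowHostDirVolumePlugin",
}
HOST_FIELDS = ["allowHostDirVolumePlugin", "allowHostIPC", "allowHostNetwork",
               "allowHostPID", "allowHostPorts", "allowPrivilegedContainer"]


def required_fields(message):
    """Return the SCC allow* fields the rejected pod actually needs."""
    return sorted(f for phrase, f in DENIAL_TO_FIELD.items() if phrase in message)


def build_scc(name, namespace, service_account, needed):
    """Build an SCC that enables only `needed`; everything else stays off."""
    scc = {"apiVersion": "security.openshift.io/v1",  # assumed API group/version
           "kind": "SecurityContextConstraints",
           "metadata": {"name": name}}
    scc.update({field: field in needed for field in HOST_FIELDS})
    volumes = ["configMap", "emptyDir", "secret"]
    if "allowHostDirVolumePlugin" in needed:
        volumes.append("hostPath")
    scc["volumes"] = volumes
    # Assumption: remaining strategies copy the restricted SCC's defaults.
    scc["runAsUser"] = {"type": "MustRunAsRange"}
    scc["seLinuxContext"] = {"type": "MustRunAs"}
    scc["fsGroup"] = {"type": "MustRunAs"}
    scc["supplementalGroups"] = {"type": "RunAsAny"}
    scc["users"] = ["system:serviceaccount:%s:%s" % (namespace, service_account)]
    return scc


if __name__ == "__main__":
    needed = required_fields(SAMPLE_EVENT)
    print(json.dumps(build_scc("node-exporter-host", "openshift-monitoring",
                               "node-exporter", needed), indent=2))
```

The printed JSON is a manifest to review before creating it with oc create -f; allowPrivilegedContainer and allowHostIPC stay false because the event never asked for them.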

Related official documentation

https://docs.openshift.com/container-platform/3.11/admin_guide/manage_scc.html
