Unable to launch consul client with podsecuritypolicy. #1037
Comments
Hey @kevinlmadison I'm a bit confused. We don't expose port 8600 as consul-k8s/charts/consul/templates/client-daemonset.yaml Lines 383 to 388 in f7e829d
I don't know how this error would be possible. We do also have end-to-end tests for our helm chart with pod security policies and have not had any failures.
That is odd, I'm definitely seeing a hostport open when I describe the daemonset.
Is there any info from my cluster that might be helpful? I'm deploying consul using this command and that exact
That is very strange. Could you try to run
It does not....
🤔 Could it be something in your cluster that adds those? I've never seen anything like this before!
Yeah I'm not sure, I'm going to investigate and get back to you, but at least I know it's not the pod security policy haha.
Hi there, did you manage to find the issue? I'm experiencing the same thing.. consul-k8s version: 1.11.3
Daemonset Yaml:
Applied daemonset:
Kubernetes version: v1.23.4
I think when
Community Note
We are running in a secure environment with RKE2 and thus need to manually set permissions with podsecuritypolicies. Enabling the podsecurity policy with helm allows us to use [8500,8502,8301] but not 8600 so the daemonset is failing to deploy. In the client psp I don't see any option to allow port 8600, does this need to be added to the template?
Logs
This goes away if I manually add port 8600 to the psp
Expected behavior
Environment details
If not already included, please provide the following:
consul-k8s version: 1.11.2
values.yaml:
Additionally, please provide details regarding the Kubernetes Infrastructure, as shown below:
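Added example, not part of the issue thread or the consul-k8s chart: a Python check of a pod spec's effective host ports against a PodSecurityPolicy's `hostPorts` ranges, as in the report above. The sample PSP and pod spec are constructed, the function names are hypothetical, and the check models the Kubernetes defaulting rule that sets `hostPort` to `containerPort` when `hostNetwork` is true.

```python
# Constructed sample data (not taken from the reporter's cluster).
PSP_SPEC = {
    "hostNetwork": False,
    "hostPorts": [{"min": 8500, "max": 8500}, {"min": 8502, "max": 8502},
                  {"min": 8301, "max": 8301}],
}
POD_SPEC = {
    "hostNetwork": False,
    "containers": [{
        "name": "consul",
        "ports": [
            {"name": "http", "containerPort": 8500, "hostPort": 8500},
            {"name": "grpc", "containerPort": 8502, "hostPort": 8502},
            {"name": "serflan-tcp", "containerPort": 8301, "hostPort": 8301},
            {"name": "dns-tcp", "containerPort": 8600},  # no hostPort declared
        ],
    }],
}


def effective_host_ports(pod_spec):
    """Return {(container, port name): hostPort} as stored after defaulting."""
    host_net = pod_spec.get("hostNetwork", False)
    result = {}
    for c in pod_spec.get("containers", []) + pod_spec.get("initContainers", []):
        for p in c.get("ports", []):
            host_port = p.get("hostPort", 0)
            # Kubernetes defaulting: with hostNetwork, hostPort := containerPort.
            if host_net and not host_port:
                host_port = p["containerPort"]
            if host_port:
                result[(c["name"], p.get("name", ""))] = host_port
    return result


def psp_violations(pod_spec, psp_spec):
    """List reasons a PSP with this spec would reject the pod's host networking."""
    problems = []
    if pod_spec.get("hostNetwork", False) and not psp_spec.get("hostNetwork", False):
        problems.append("hostNetwork is not allowed")
    ranges = psp_spec.get("hostPorts", [])
    for (container, name), port in sorted(effective_host_ports(pod_spec).items()):
        if not any(r["min"] <= port <= r["max"] for r in ranges):
            problems.append(f"{container}/{name}: hostPort {port} not in allowed ranges")
    return problems
```

To run it against a live object, load the `spec.template.spec` of the applied DaemonSet and the `spec` of the PSP from `kubectl get ... -o json` output in place of the sample dictionaries.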