Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bug: Encountering Errors and Warnings During Helm install fluent-operator #1155

Open
onap4105 opened this issue May 1, 2024 · 1 comment
Open

bug: Encountering Errors and Warnings During Helm install fluent-operator #1155

onap4105 opened this issue May 1, 2024 · 1 comment

Comments

@onap4105
Copy link

onap4105 commented May 1, 2024
edited
Loading

Describe the issue

  • Encountering Errors and Warnings During Helm install fluent-operator
$ helm install fluent-operator -n fluentbit ./fluent-operator/
W0430 21:57:57.912852   19520 warnings.go:70] unknown field "spec.securityContext.capabilities"
W0430 21:57:57.912852   19520 warnings.go:70] unknown field "spec.securityContext.privileged"
W0430 21:57:57.912852   19520 warnings.go:70] unknown field "spec.securityContext.readOnlyRootFilesystem"
Error: INSTALLATION FAILED: failed to refresh resource information: fluentbits.fluentbit.fluent.io "fluent-bit" not found

$ helm list -n fluentbit
NAME            NAMESPACE       REVISION        UPDATED                                 STATUS          CHART                   APP VERSION
fluent-operator fluentbit       1               2024-04-30 21:57:43.0906769 -0400 EDT   failed          fluent-operator-2.8.0   2.8.0
  • The deployment seems ok
$ kubectl get fluentbits.fluentbit.fluent.io -n fluentbit
NAME         AGE
fluent-bit   13h

$ kubectl get all -n fluentbit
NAME                                             READY   STATUS    RESTARTS   AGE
pod/fluent-bit-8sdnh                             1/1     Running   0          9h
pod/fluent-bit-9xgm2                             1/1     Running   0          9h
pod/fluent-bit-dtqw9                             1/1     Running   0          9h
pod/fluent-bit-fdm9f                             1/1     Running   0          9h
pod/fluent-bit-g54tw                             1/1     Running   0          9h
pod/fluent-bit-t7dw9                             1/1     Running   0          9h
pod/fluent-bit-vk27g                             1/1     Running   0          9h
pod/fluent-bit-wlhvz                             1/1     Running   0          9h
pod/fluent-bit-xx5g4                             1/1     Running   0          9h
pod/fluent-operator-5d466549cb-s8cn6             1/1     Running   0          9h

NAME                 TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
service/fluent-bit   ClusterIP   x.x.x.x          <none>        2020/TCP   9h

NAME                        DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
daemonset.apps/fluent-bit   9         9         9       9            9           <none>          9h

NAME                                        READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/fluent-operator             1/1     1            1           9h

NAME                                                   DESIRED   CURRENT   READY   AGE
replicaset.apps/fluent-operator-5d466549cb             1         1         1       9h
  • I made these changes in values.yaml for supporting non root user
  # initContainers test run as non root user
  initContainers:
    - name: chowner-fb-storage
      image: registry.hub.docker.com/library/alpine:3.12.0
      command: ["chown", "3301:3301", "/fluent-bit"]
      securityContext:
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["all"]
          add: ["CHOWN"]
        runAsUser: 0
        runAsNonRoot: false
      volumeMounts:
      - name: positions
        mountPath: /fluent-bit
  • changes in fluentbit-fluentBit.yaml
  {{- if .Values.fluentbit.initContainers }}
  initContainers:
{{ toYaml .Values.fluentbit.initContainers | indent 4 }}
  {{- end }}

To Reproduce

run "helm install fluent-operator -n fluentbit ./fluent-operator/" with above changes

Expected behavior

no warning and Error with "helm install fluent-operator -n fluentbit ./fluent-operator/"

Your Environment

- Fluent Operator version: v2.8.0
- Container Runtime: containerd://1.7.7-1
- Operating system: Ubuntu 22.04.4 LTS
- Kernel version: 5.15.0-1057-azure

How did you install fluent operator?

helm install fluent-operator -n fluentbit ./fluent-operator/

Additional context

No response
@SvenThies
Copy link
Contributor

Hey @onap4105,

I followed your instruction and tried to reproduce the issue. For me, everything worked well:
Adding this into values.yaml under fluentbit section:

fluentbit:
  # initContainers test run as non root user
  initContainers:
    - name: chowner-fb-storage
      image: registry.hub.docker.com/library/alpine:3.12.0
      command: ["chown", "3301:3301", "/fluent-bit"]
      securityContext:
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["all"]
          add: ["CHOWN"]
        runAsUser: 0
        runAsNonRoot: false
      volumeMounts:
      - name: positions
        mountPath: /fluent-bit

Adjusting the fluentbit-fluentBit.yaml like this:

{{- if .Values.fluentbit.initContainers }}
initContainers:
{{ toYaml .Values.fluentbit.initContainers | indent 4 }}
{{- end }}

Using the fluent-operator v2.8.0

Results of helm deployment:

NAME: fluent-operator
LAST DEPLOYED: Wed Jul  3 21:04:37 2024
NAMESPACE: fluent
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Thank you for installing  fluent-operator
Your release is named    fluent-operator

To learn more about the release ,try:
   $ helm status  fluent-operator  -n  fluent
   $ helm get  fluent-operator  -n fluent

fluent-bit pod:

> k get pods fluent-bit-8shbv -oyaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: "2024-07-03T19:04:48Z"
  generateName: fluent-bit-
  labels:
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: fluent-bit
    controller-revision-hash: 6f794545d
    pod-template-generation: "1"
  name: fluent-bit-8shbv
  namespace: fluent
  ownerReferences:
  - apiVersion: apps/v1
    blockOwnerDeletion: true
    controller: true
    kind: DaemonSet
    name: fluent-bit
    uid: 7bb083fe-45a6-46d1-9a05-51d440d81381
  resourceVersion: "87333"
  uid: 9db10dfa-c2a3-4ed6-9274-b6e0cd8053da
spec:
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchFields:
          - key: metadata.name
            operator: In
            values:
            - minikube
  containers:
  - env:
    - name: NODE_NAME
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: spec.nodeName
    - name: HOST_IP
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: status.hostIP
    image: kubesphere/fluent-bit:v2.2.2
    imagePullPolicy: IfNotPresent
    name: fluent-bit
    ports:
    - containerPort: 2020
      name: metrics
      protocol: TCP
    resources:
      limits:
        cpu: 500m
        memory: 200Mi
      requests:
        cpu: 10m
        memory: 25Mi
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /fluent-bit/config
      name: config
      readOnly: true
    - mountPath: /var/lib/docker/containers
      mountPropagation: None
      name: varlibcontainers
      readOnly: true
    - mountPath: /var/log/
      mountPropagation: None
      name: varlogs
      readOnly: true
    - mountPath: /var/log/journal
      mountPropagation: None
      name: systemd
      readOnly: true
    - mountPath: /fluent-bit/tail
      name: positions
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: kube-api-access-bx98g
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  initContainers:
  - command:
    - chown
    - 3301:3301
    - /fluent-bit
    image: registry.hub.docker.com/library/alpine:3.12.0
    imagePullPolicy: IfNotPresent
    name: chowner-fb-storage
    resources: {}
    securityContext:
      capabilities:
        add:
        - CHOWN
        drop:
        - all
      readOnlyRootFilesystem: true
      runAsNonRoot: false
      runAsUser: 0
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /fluent-bit
      name: positions
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: kube-api-access-bx98g
      readOnly: true
  nodeName: minikube
  preemptionPolicy: PreemptLowerPriority
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: fluent-bit
  serviceAccountName: fluent-bit
  terminationGracePeriodSeconds: 30
  tolerations:
  - operator: Exists
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
  - effect: NoSchedule
    key: node.kubernetes.io/disk-pressure
    operator: Exists
  - effect: NoSchedule
    key: node.kubernetes.io/memory-pressure
    operator: Exists
  - effect: NoSchedule
    key: node.kubernetes.io/pid-pressure
    operator: Exists
  - effect: NoSchedule
    key: node.kubernetes.io/unschedulable
    operator: Exists
  volumes:
  - name: config
    secret:
      defaultMode: 420
      secretName: fluent-bit-config
  - hostPath:
      path: /var/lib/docker/containers
      type: ""
    name: varlibcontainers
  - hostPath:
      path: /var/log
      type: ""
    name: varlogs
  - hostPath:
      path: /var/log/journal
      type: ""
    name: systemd
  - hostPath:
      path: /var/lib/fluent-bit/
      type: ""
    name: positions
  - name: kube-api-access-bx98g
    projected:
      defaultMode: 420
      sources:
      - serviceAccountToken:
          expirationSeconds: 3607
          path: token
      - configMap:
          items:
          - key: ca.crt
            path: ca.crt
          name: kube-root-ca.crt
      - downwardAPI:
          items:
          - fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
            path: namespace
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2024-07-03T19:04:49Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2024-07-03T19:04:57Z"
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: "2024-07-03T19:04:57Z"
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2024-07-03T19:04:48Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: docker://c725a321374ebec5c772a78079da6636859345462a25e229879d3ed596b7fb8a
    image: kubesphere/fluent-bit:v2.2.2
    imageID: docker-pullable://kubesphere/fluent-bit@sha256:2b7080983728ddef78e9f78feb31116bc6ed97affa04f09d42e9540bf6331da3
    lastState: {}
    name: fluent-bit
    ready: true
    restartCount: 0
    started: true
    state:
      running:
        startedAt: "2024-07-03T19:04:57Z"
  hostIP: 192.168.58.2
  initContainerStatuses:
  - containerID: docker://2e2fc23b936f2a4f2373654d74103f1443ca1ad19917cdb3abdc7abf7b063d25
    image: registry.hub.docker.com/library/alpine:3.12.0
    imageID: docker-pullable://registry.hub.docker.com/library/alpine@sha256:185518070891758909c9f839cf4ca393ee977ac378609f700f60a771a2dfe321
    lastState: {}
    name: chowner-fb-storage
    ready: true
    restartCount: 0
    state:
      terminated:
        containerID: docker://2e2fc23b936f2a4f2373654d74103f1443ca1ad19917cdb3abdc7abf7b063d25
        exitCode: 0
        finishedAt: "2024-07-03T19:04:48Z"
        reason: Completed
        startedAt: "2024-07-03T19:04:48Z"
  phase: Running
  podIP: 10.244.0.30
  podIPs:
  - ip: 10.244.0.30
  qosClass: Burstable
  startTime: "2024-07-03T19:04:48Z"

If the bug persists, can you give me some more information?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@onap4105 @SvenThies