cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Cloud-Native setup in non-privileged Kubernetes cluster

Lukas_Lorinc
Visitor

Hi everybody,

On last Friday (11th), we were attempting to deploy Dynatrace-operator 1.3.0 cloud-native via helm deployment. 

The deployment was “stalled” by a requirement for privileged mode in the cluster: 

 

Error: UPGRADE FAILED: release dynatrace-operator failed, and has been rolled back due to atomic being set: failed to create resource: DaemonSet.apps "dynatrace-oneagent-csi-driver" is invalid: [spec.template.spec.containers[0].volumeMounts.mountPropagation: Forbidden: Bidirectional mount propagation is available only to privileged containers, spec.template.spec.containers[1].volumeMounts.mountPropagation: Forbidden: Bidirectional mount propagation is available only to privileged containers]

 

We tried to bypass this with some labeling on the Dynatrace namespace (Dynatrace documentation): 

Name:         dynatrace

Labels:       kubernetes.io/metadata.name=dynatrace

                      pod-security.kubernetes.io/audit=privileged

                      pod-security.kubernetes.io/enforce=privileged

                      pod-security.kubernetes.io/warn=privileged

Annotations:  <none>

Status:       Active

 

 

This did not have the desired effect. Does anybody have similiar issue in the past?

Best regards,

Lukas

1 REPLY 1

Mizső
DynaMight Guru
DynaMight Guru

Hi @Lukas_Lorinc,

One of my clients follow these steps, they also used helm on OKD. Have you done the #2?

# Dynatrace cloudnativefullstack install on OKD 4.16

# 1. install CSI driver (https://github.com/Dynatrace/dynatrace-operator)
oc create namespace dynatrace
oc apply -f https://github.com/Dynatrace/dynatrace-operator/releases/latest/download/kubernetes.yaml

# 2. add label to csidriver
oc label csidriver csi.oneagent.dynatrace.com security.openshift.io/csi-ephemeral-volume-profile=restricted

# 3. install the Dynakube instance with CloudnativeFullstack mode:
oc apply -f dynakube-cloudnativefullstack.yaml

I hope it helps.

Best regards,

Mizső

Dynatrace Community RockStar 2024, Certified Dynatrace Professional

Featured Posts