16 Oct 2024 07:40 AM
Hi everybody,
On last Friday (11th), we were attempting to deploy Dynatrace-operator 1.3.0 cloud-native via helm deployment.
The deployment was “stalled” by a requirement for privileged mode in the cluster:
Error: UPGRADE FAILED: release dynatrace-operator failed, and has been rolled back due to atomic being set: failed to create resource: DaemonSet.apps "dynatrace-oneagent-csi-driver" is invalid: [spec.template.spec.containers[0].volumeMounts.mountPropagation: Forbidden: Bidirectional mount propagation is available only to privileged containers, spec.template.spec.containers[1].volumeMounts.mountPropagation: Forbidden: Bidirectional mount propagation is available only to privileged containers]
We tried to bypass this with some labeling on the Dynatrace namespace (Dynatrace documentation):
Name: dynatrace
Labels: kubernetes.io/metadata.name=dynatrace
pod-security.kubernetes.io/audit=privileged
pod-security.kubernetes.io/enforce=privileged
pod-security.kubernetes.io/warn=privileged
Annotations: <none>
Status: Active
This did not have the desired effect. Does anybody have similiar issue in the past?
Best regards,
Lukas
Solved! Go to Solution.
16 Oct 2024 09:02 AM
Hi @Lukas_Lorinc,
One of my clients follow these steps, they also used helm on OKD. Have you done the #2?
# Dynatrace cloudnativefullstack install on OKD 4.16
# 1. install CSI driver (https://github.com/Dynatrace/dynatrace-operator)
oc create namespace dynatrace
oc apply -f https://github.com/Dynatrace/dynatrace-operator/releases/latest/download/kubernetes.yaml
# 2. add label to csidriver
oc label csidriver csi.oneagent.dynatrace.com security.openshift.io/csi-ephemeral-volume-profile=restricted
# 3. install the Dynakube instance with CloudnativeFullstack mode:
oc apply -f dynakube-cloudnativefullstack.yaml
I hope it helps.
Best regards,
Mizső