-
Notifications
You must be signed in to change notification settings - Fork 35
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Failed to install kubebench due to kubebench nfs deploy failed #147
Comments
Checked the problem, that should be caused by the the serviceaccount has no privileged security policy, see below. [root@test ks_app]# kubectl --as=system:serviceaccount:kubeflow:default -n kubeflow auth can-i use podsecuritypolicy/privileged
no Suggest that ensure the pod security policy in the install script before deploy nfs. Thanks. |
worked around solution: kubectl -n ${K8S_NAMESPACE} create role psp:privileged --verb=use --resource=podsecuritypolicy --resource-name=privileged
kubectl -n ${K8S_NAMESPACE} create rolebinding ${KB_ENV}:psp:privileged --role=psp:privileged --serviceaccount=${K8S_NAMESPACE}:default But I think we should better to update install script to ensure that automatically. |
@jinchihe Can you show me your PodSecurityPolicy? |
Below is PodSecurityPolicy which has been modified as above steps. Thanks. [root@test hejinchi]# kubectl get PodSecurityPolicy -n kubeflow
NAME PRIV CAPS SELINUX RUNASUSER FSGROUP SUPGROUP READONLYROOTFS VOLUMES
default false RunAsAny RunAsAny RunAsAny RunAsAny false *
privileged true * RunAsAny RunAsAny RunAsAny RunAsAny false * |
Install kubebench by following Readme file, but failed, that's caused the nfs cannot be deployment, please see below for details.
The text was updated successfully, but these errors were encountered: