New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[target allocator] Not run the target allocator as root #1346

Closed

iblancasa opened this issue Jan 4, 2023 · 0 comments · Fixed by #1345

Contributor

iblancasa commented Jan 4, 2023

Currently, the target allocator is run as root. This prevents the target allocator from being run in OpenShift without special capabilities.

When the target allocator pod is created, the following error can be seen in the kubectl describe <pod name> command output:

  Warning  Failed          12s (x2 over 12s)  kubelet            Error: container create failed: time="2023-01-03T15:56:58Z" level=error msg="runc create failed: unable to start container process: exec: \"./main\": stat ./main: permission denied"

How to reproduce

Create an OCP cluster (version 4.11 in my case)
Build and push to a registry the OTEL Collector Operator and Target Allocator container images
$ kubectl create namespace oteltest
$ kubectl -n oteltest create rolebinding default-view-oteltest --role=pod-view --serviceaccount=oteltest:ta
$ kubectl create -f tests/e2e/targetallocator-features/00-install.yaml -n oteltest:ta
Wait until the pod creation fails ($ kubectl get pods -n oteltest)

Note
The step 4 is executed manually because, when applying the manifest, it will fail because the TestStep kind is part of KUTTL.

The text was updated successfully, but these errors were encountered:

iblancasa mentioned this issue

Refactor the target allocator build to not run it as root #1345

Merged

pavolloffay closed this as completed in #1345

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment