spec.initContainers[1].securityContext.privileged: Forbidden: disallowed by cluster policy] while running privileged containers in Tanzu Kubernetes Grid Integrated Edition

Article ID: 305376

Products

VMware Tanzu Kubernetes Grid Integrated Edition

Issue/Introduction

This KB outlines the steps to run privileged containers.

Symptoms:
You may hit this error when running privileged containers on TKGI clusters. The following events are reported:
 
Events:
  Type     Reason        Age                From                    Message
  ----     ------        ----               ----                    -------
  Warning  FailedCreate  7s (x12 over 17s)  statefulset-controller  create Pod testing in StatefulSet testing failed error: Pod "testing" is invalid: [spec.initContainers[0].securityContext.privileged: Forbidden: disallowed by cluster policy, spec.initContainers[1].securityContext.privileged: Forbidden: disallowed by cluster policy]


Environment

TKGI

Cause

The "Allow Privileged" option is not enabled by default in TKGI.

Resolution

Apply the following steps:

1) Log in to the Ops Manager UI and go to TKGI tile --> Plan X --> Enable the "Allow Privileged" option.



2) Click Save. Do this for all Plans where you wish to enable this.

3) Review the pending changes and run Apply Changes against TKGI. Upgrading the cluster, either with the errand or with the tkgi upgrade-cluster command, will persist the change.
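
To see which workloads actually request privileged mode before enabling the option on a plan, the following added example (not part of the original KB or of VMware tooling) scans JSON in the shape of kubectl get ... -o json output and reports the same field paths the error names. The sample manifest, its container names and the function names are constructed for illustration.

```python
import json
import sys

CONTAINER_FIELDS = ("initContainers", "containers", "ephemeralContainers")
# Constructed sample in the shape of `kubectl get statefulset,pod -o json` output.
SAMPLE = {"kind": "List", "items": [
    {"kind": "StatefulSet", "metadata": {"name": "testing", "namespace": "default"},
     "spec": {"template": {"spec": {
         "initContainers": [{"name": "init-a", "securityContext": {"privileged": True}},
                            {"name": "init-b", "securityContext": {"privileged": True}}],
         "containers": [{"name": "app"}]}}}},
    {"kind": "Pod", "metadata": {"name": "web", "namespace": "default"},
     "spec": {"containers": [{"name": "nginx"}]}},
]}

def find_pod_specs(node, path="spec"):
    """Yield (field path, pod spec) for each pod spec nested under a resource's .spec."""
    if not isinstance(node, dict):
        return
    if isinstance(node.get("containers"), list):
        yield path, node
        return
    for key in ("template", "jobTemplate", "spec"):  # Deployment/StatefulSet/Job/CronJob nesting
        if key in node:
            yield from find_pod_specs(node[key], f"{path}.{key}")

def privileged_fields(obj):
    """Return the field paths in one resource that set securityContext.privileged: true."""
    hits = []
    for path, spec in find_pod_specs(obj.get("spec", {})):
        for field in CONTAINER_FIELDS:
            for i, c in enumerate(spec.get(field) or []):
                if (c.get("securityContext") or {}).get("privileged") is True:
                    hits.append(f"{path}.{field}[{i}].securityContext.privileged")
    return hits

def audit(doc):
    """Map 'Kind/namespace/name' to the privileged field paths that resource declares."""
    report = {}
    for obj in doc.get("items", [doc]):  # a List or a single object
        meta = obj.get("metadata", {})
        hits = privileged_fields(obj)
        if hits:
            report[f"{obj.get('kind')}/{meta.get('namespace', 'default')}/{meta.get('name')}"] = hits
    return report

if __name__ == "__main__":
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for resource, fields in audit(doc).items():
        print(resource, *fields, sep="\n  ")
```

Pass a file holding the output of kubectl get pods,statefulsets -A -o json as the first argument to audit a real cluster instead of the sample.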
