OpenShift pods seem OK but don't connect to local UIM: Error creating: pods "cadvisor-" is forbidden:

Article ID: 371055


Products

  • DX Unified Infrastructure Management (Nimsoft / UIM)
  • CA Unified Infrastructure Management On-Premise (Nimsoft / UIM)
  • CA Unified Infrastructure Management SaaS (Nimsoft / UIM)

Issue/Introduction

While deploying the openshift probe to the OpenShift environment, with the config-map correctly set up and all pods restarted, no connections are showing.

There are errors against some pod creation attempts:

Error creating: pods "cadvisor-" is forbidden: unable to validate against any security context constraint: 
[provider "anyuid": Forbidden: not usable by user or serviceaccount,
spec.volumes[0]: Invalid value: "hostPath": hostPath volumes are not allowed to be used,
spec.volumes[1]: Invalid value: "hostPath": hostPath volumes are not allowed to be used,
spec.volumes[2]: Invalid value: "hostPath": hostPath volumes are not allowed to be used,
spec.volumes[3]: Invalid value: "hostPath": hostPath volumes are not allowed to be used,
spec.volumes[4]: Invalid value: "hostPath": hostPath volumes are not allowed to be used,
provider restricted-v2: .containers[0].privileged: Invalid value: true: Privileged containers are not allowed,
provider "restricted": Forbidden: not usable by user or serviceaccount, provider "nonroot-v2": Forbidden: not usable by user or serviceaccount,
provider "nonroot": Forbidden: not usable by user or serviceaccount,
provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount,
provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount,
provider "hostnetwork-v2": Forbidden: not usable by user or serviceaccount,
provider "hostnetwork": Forbidden: not usable by user or serviceaccount,
provider "hostaccess": Forbidden: not usable by user or serviceaccount,
provider "node-exporter": Forbidden: not usable by user or serviceaccount,
provider "privileged": Forbidden: not usable by user or serviceaccount]
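
As an added example (not part of the article or the product), this Python function triages an SCC admission denial like the one above into the SCCs the pod's service account is not allowed to use and the pod fields that were rejected. The function name and the abridged sample event are assumptions made for this example.

```python
import re

# Abridged copy of the event above: same entry shapes, fewer entries (constructed sample).
EVENT = (
    'Error creating: pods "cadvisor-" is forbidden: unable to validate against '
    'any security context constraint: ['
    'provider "anyuid": Forbidden: not usable by user or serviceaccount, '
    'spec.volumes[0]: Invalid value: "hostPath": hostPath volumes are not allowed to be used, '
    'spec.volumes[1]: Invalid value: "hostPath": hostPath volumes are not allowed to be used, '
    'provider restricted-v2: .containers[0].privileged: Invalid value: true: '
    'Privileged containers are not allowed, '
    'provider "hostaccess": Forbidden: not usable by user or serviceaccount, '
    'provider "privileged": Forbidden: not usable by user or serviceaccount]'
)

# Entries are comma separated; split only where a new entry begins so that
# commas inside a reason string would not break an entry apart.
ENTRY_SPLIT = re.compile(r',\s+(?=provider |\.?spec\.|\.?containers\[)')
PROVIDER = re.compile(r'^provider "?([\w.-]+)"?: (.*)$')
VIOLATION = re.compile(r'^\.?([\w.\[\]]+): Invalid value: (.+?): (.+)$')


def triage_scc_denial(event):
    """Split an SCC denial into unusable SCCs and rejected pod fields."""
    body = event[event.index('[') + 1:event.rindex(']')]
    report = {"not_usable": [], "rejecting_sccs": set(), "rejected_fields": []}
    for entry in ENTRY_SPLIT.split(body):
        provider = None
        named = PROVIDER.match(entry)
        if named:
            provider, entry = named.groups()
        if entry.startswith("Forbidden: not usable"):
            # The service account has no permission to use this SCC at all.
            report["not_usable"].append(provider)
            continue
        if provider:
            report["rejecting_sccs"].add(provider)
        violation = VIOLATION.match(entry)
        if violation:
            # (field path, offending value, reason given by admission)
            report["rejected_fields"].append(violation.groups())
    return report


if __name__ == "__main__":
    for key, value in triage_scc_denial(EVENT).items():
        print(key, value)
```

Run over the full event above, it names restricted-v2 as the only SCC rejecting a field; every other provider is reported as not usable by the pod's service account.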

Environment

  • DX UIM 23.4.*
  • OpenShift probe 1.02

Cause

  • By default, the Prometheus pod tries to write data to the data/ directory, and the write fails with a permission denied error.

Resolution

To handle this issue where the permission problems exist, it is possible to deploy with the prometheus-kube.yaml file attached to this Article in place of the default prometheus-kube.yaml file.

Openshift Monitoring (broadcom.com)