Skip to content
This repository has been archived by the owner on May 16, 2023. It is now read-only.

Filebeat: failed validation with Helm 2.14 / kubernet 1.14 #136

Closed
dperetti opened this issue May 16, 2019 · 1 comment · Fixed by #140
Closed

Filebeat: failed validation with Helm 2.14 / kubernet 1.14 #136

dperetti opened this issue May 16, 2019 · 1 comment · Fixed by #140

Comments

@dperetti
Copy link

Chart version:
7.0.1-alpha1

Kubernetes version:
1.14.1

Kubernetes provider: E.g. GKE (Google Kubernetes Engine)
DigitalOcean

Helm Version:
2.14.0

Helm rejects the install with:

Error: validation failed: error validating "": error validating data: 
ValidationError(DaemonSet.spec.template.spec.containers[0].securityContext):
unknown field "fsGroup" in io.k8s.api.core.v1.SecurityContext

My understanding is that the podSecurityContext should be only set in spec.securityContext, not in spec.containers[].securityContext like it is here:
https://github.com/elastic/helm-charts/blob/master/filebeat/templates/daemonset.yaml#L108
Crazybus added a commit that referenced this issue May 27, 2019
@Crazybus
Remove fsGroup from container level security context
2408b21 
Fixes #136
@Crazybus Crazybus mentioned this issue May 27, 2019
Merged
@Crazybus
Copy link
Contributor

Thanks for reporting this! I have removed it in #140. As this container needs to run as root I can't think of any valid reason to make this configurable.

That extra validation looks really nice! I'm guessing it is a 1.14 feature. Previous versions of Kubernetes will just silently ignore any fields that it doesn't know 👍 .

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Remove fsGroup from container level security context elastic/helm-charts
2 participants
@dperetti @Crazybus