Hi, I am facing to an issue to deploy Signoz with ...
# support
p
Hi, I am facing an issue deploying Signoz with Helm on my GKE Autopilot mode.
```
Error: INSTALLATION FAILED: admission webhook "gkepolicy.common-webhooks.networking.gke.io" denied the request: GKE Warden rejected the request because it violates one or more policies: {"[denied by autogke-no-host-port]":["container my-release-k8s-infra-otel-agent specifies a host port; disallowed in Autopilot. Requested by user: 'xxx@xxxx.xx', groups: 'system:authenticated'."],"[denied by autogke-no-write-mode-hostpath]":["hostPath volume varlibdockercontainers used in container my-release-k8s-infra-otel-agent uses path /var/lib/docker/containers which is not allowed in Autopilot. Allowed path prefixes for hostPath volumes are: [/var/log/].
```
s
@Prashant Shahi can help with this. I don’t think we have tested the autopilot mode.
p
Hi @Pierre Filliolaud, I don't think log collection would be possible in OtelCollector at the moment for GKE autopilot. You will need to disable the log collection. You can do that by including the below in `override-values.yaml`:
```yaml
k8s-infra:
  presets:
    logsCollection:
      enabled: false
```
You might also have to switch to the read-only kubelet endpoint:
```yaml
k8s-infra:
  presets:
    kubeletMetrics:
      authType: none
      endpoint: ${K8S_NODE_NAME}:10255
```
p
Thank you @Prashant Shahi, I am going to test.
I set the override-values.yaml with
```yaml
global:
  storageClass: gce-resizable

clickhouse:
  cloud: gcp
  installCustomStorageClass: true
k8s-infra:
  presets:
    logsCollection:
      enabled: false
    kubeletMetrics:
      authType: none
      endpoint: ${K8S_NODE_NAME}:10255
```
and I am still getting the error
```
Error: INSTALLATION FAILED: admission webhook "gkepolicy.common-webhooks.networking.gke.io" denied the request: GKE Warden rejected the request because it violates one or more policies: {"[denied by autogke-no-host-port]":["container signoz-app-k8s-infra-otel-agent specifies a host port; disallowed in Autopilot. Requested by user: 'xxx@xxx.xx', groups: 'system:authenticated'."],"[denied by autogke-no-write-mode-hostpath]":["hostPath volume varlibdockercontainers used in container signoz-app-k8s-infra-otel-agent uses path /var/lib/docker/containers which is not allowed in Autopilot. Allowed path prefixes for hostPath volumes are: [/var/log/]. Requested by user: 'xxx@xxx.xx', groups: 'system:authenticated'."]}
```
p
@Pierre Filliolaud I see that Autopilot has some security limitations which are causing this. Unfortunately, it will require some changes and experiments from our side to confirm that it works on GKE Autopilot. Can you create an issue in the SigNoz charts repo for this? I will discuss with our team and see if this can be prioritised. Ref: https://cloud.google.com/kubernetes-engine/docs/concepts/daemonset#autopilot-ds-best-practices
cc @Ankit Nayan
p
Thank you