I have installed a cluster but can't seem to configure coredns to run. I get the following message when I do a kubectl describe replicaset -n kube-system:
Error creating: pods "coredns-7945fb857d-" is forbidden: unable to validate against any pod security policy: [pod.metadata.annotations[seccomp.security.alpha.kubernetes.io/pod]: Forbidden: is not an allowed seccomp profile. Valid values are runtime/default pod.metadata.annotations[container.apparmor.security.beta.kubernetes.io/coredns]: Forbidden: AppArmor profile must be set pod.metadata.annotations[container.seccomp.security.alpha.kubernetes.io/coredns]: Forbidden: is not an allowed seccomp profile. Valid values are runtime/default spec.containers[0].securityContext.capabilities.add: Invalid value: "NET_BIND_SERVICE": capability may not be added
Can anybody point me in the right direction?
It might be that the CoreDNS pod wasn't even created due to a Pod Security Policy:
PodSecurityPolicies are enforced (...) but doing so without authorizing any policies will prevent any pods from being created in the cluster.
In this specific case, it is complaining that the profile in the Seccomp annotation is not valid:
[seccomp.security.alpha.kubernetes.io/pod]: Forbidden: is not an allowed seccomp profile.
You can check here a list of valid profiles and an example of a custom one.
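The following is an added example, not part of the original answer or of any project's manifests: a PodSecurityPolicy that addresses each of the four violations in the error above, plus the RBAC that lets the CoreDNS pods use it. The object names `coredns-psp` and `psp-coredns`, the service account name `coredns`, and the volume list are assumptions to adjust for the actual deployment.

```yaml
# Constructed example; object names and the service account are assumptions.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: coredns-psp
  annotations:
    # Pods that carry no seccomp annotation get runtime/default applied,
    # the only value the error lists as valid.
    seccomp.security.alpha.kubernetes.io/allowedProfileNames: runtime/default
    seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
    # Addresses "AppArmor profile must be set" by defaulting the profile.
    apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
    apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
spec:
  privileged: false
  allowPrivilegeEscalation: false
  # Addresses: "NET_BIND_SERVICE": capability may not be added
  allowedCapabilities: [NET_BIND_SERVICE]
  volumes: [configMap, secret, projected]
  runAsUser: {rule: RunAsAny}
  seLinux: {rule: RunAsAny}
  supplementalGroups: {rule: RunAsAny}
  fsGroup: {rule: RunAsAny}
---
# A policy only applies to pods whose service account is authorized to "use" it.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: psp-coredns
rules:
- apiGroups: [policy]
  resources: [podsecuritypolicies]
  resourceNames: [coredns-psp]
  verbs: [use]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: psp-coredns
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: psp-coredns
subjects:
- kind: ServiceAccount
  name: coredns
  namespace: kube-system
```

Binding the policy to the one service account, rather than to all authenticated users, keeps the extra capability scoped to CoreDNS.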