K
Q

Coredns unable to depoy

7/5/2019

I have installed a cluster but can't seem to configure coredns to run. I get the following message when I do a kubectl describe replicaset -n kube-system:

Error creating: pods "coredns-7945fb857d-" is forbidden: unable to validate against any pod security policy: [pod.metadata.annotations[seccomp.security.alpha.kubernetes.io/pod]: Forbidden:  is not an allowed seccomp profile. Valid values are runtime/default pod.metadata.annotations[container.apparmor.security.beta.kubernetes.io/coredns]: Forbidden: AppArmor profile must be set pod.metadata.annotations[container.seccomp.security.alpha.kubernetes.io/coredns]: Forbidden:  is not an allowed seccomp profile. Valid values are runtime/default spec.containers[0].securityContext.capabilities.add: Invalid value: "NET_BIND_SERVICE": capability may not be added

can anybody point me in the right direction

-- driftavalii
coredns
kubernetes

Similar Questions

How to set kiali-ui/package.json 'proxy' attribute when "yarn start" in kiali-ui?
MountVolume.SetUp failed for volume "policy-adapter-secret" : couldn't propagate object cache: timed out waiting for the condition
How to push content from one pod to other pod?
What exactly Kubernetes Services are and how they are different from Deployments
How to keep an ES cluster happy during a K8s(!) node update?

1 Answer

7/5/2019

It might be that the coreDNS pod wasn't even created due to a Pod Security Policy:

PodSecurityPolicies are enforced (...) but doing so without authorizing any policies will prevent any pods from being created in the cluster.

In this specific case, is complaining that the profile in the Seccomp annotation is not valid:

[seccomp.security.alpha.kubernetes.io/pod]: Forbidden: is not an allowed seccomp profile.

You can check here a list of valid profiles and an example of a custom one.

-- yyyyahir
Source: StackOverflow