我们正在AKS服务器上使用helm部署7.5版本的Grafana loki-stack。我们在安装舵图时遇到的问题如下。下面是我们在replica-set
中得到的错误信息Warning FailedCreate 12s (x13 over 33s) replicaset-controller Error creating: admission webhook "validation.gatekeeper.sh" denied the request: [azurepolicy-k8sazurecontainernoprivilegees-d30fc4a5d3050e7c7bd6] Privilege escalation container is not allowed: grafana-sc-dashboard
[azurepolicy-k8sazurecontainernoprivilegees-d30fc4a5d3050e7c7bd6] Privilege escalation container is not allowed: grafana
[azurepolicy-k8sazurecontainernoprivilegees-d30fc4a5d3050e7c7bd6] Privilege escalation container is not allowed: grafana-sc-datasources
(reverse-i-search)`he': helm upgrade --install --namespace=mon-eval loki . --set grafana.enabled=true,prometheus.enabled=true,prometheus.alertmanager.persistentVolume.enabled=false,prometheus.server.persistentVolume.enabled=false,loki.persistence.enabled=false
集群管理员在此集群上激活了Azure策略插件(Gatekeeper)。策略k8sazurecontainernoprivilegees阻塞容器grafana, grafana-sc-dashboard & grafana-sc-datasources
你现在有一些选择:
- 要求管理员从策略中排除命名空间(不推荐)
- 设置
allowPrivilegeEscalation: false内部的值。