Reputation: 1367
Installing telepresence with a pod security policy
I'm trying to install telepresence into a EKS cluster that has PodSecurityPolicy's. I've gotten the traffic manager installed by running helm on the traffic manager chart:
helm install traffic-manager -n ambassador datawire/telepresence --create-namespace
After that I modify the traffic-manager-ambassador clusterRole to use one of the cluster PodSecurityPolicy's. Installation of the traffic manager eventually succeeds after I do this. However the installation of the uninstall-agent job fails:
Error creating: pods "uninstall-agents-" is forbidden: PodSecurityPolicy: unable to admit pod: []
My question is - what role or clusterRole do I have to modify to allow helm to uninstall telepresence? Or how do I figure out what service account is being used to try and install the pod so I can give it access to a pod security policy?
Upvotes: 1
Views: 370
Answers (1)
Reputation: 1367
I made some fixes at https://github.com/ddl-pjohnson/telepresence/pull/1/files to make it easier to add additional rules and to run the helm hook as the correct user.
Upvotes: 0
Related Questions
- Kubernetes helm - Running helm install in a running pod
- Deploy to kubernetes
- Accessing pods through ClusterIP
- EKS no portainer pod visible in context after helm install
- Telepresence fails, saying my namespace doesn't exist, pointing to problems with my k8s context
- deployment of the pod in the aws kops cluster
- Helm template for k8s PodSecurityPolicy
- k8s securityContext bypass
- Kubernetes Pod Security Policies
- Configuring PodSecurityPolicy on a kubeadm cluster