Grafana Alloy Helm Chart - Container not starting: exec /bin/alloy: operation not permitted

Question

Grafana Alloy Helm Chart - Container not starting: exec /bin/alloy: operation not permitted

PatMis16 opened this issue a month ago · comments

When deploying Grafana Alloy to EKS using the Helm Chart with a podSecurityContext where runAsUser is used the container does not start. The following error is logged:

exec /bin/alloy: operation not permitted

The podSecurityContext was defined like this:

podSecurityContext:
      fsGroup: 2000
      runAsNonRoot: true
      runAsUser: 473

This issue is actually the same as the one reported in the Grafana Alloy repository: grafana/alloy#630

The container must be deployable to an environment where the podSecurityContext is required and where all capabilities mut be droped.

jwklijnsma · Answer 1 · Sat Apr 27 2024 18:56:30 GMT+0800 (China Standard Time)

same issue on openshift

jwklijnsma · Answer 2 · Mon Apr 29 2024 16:56:00 GMT+0800 (China Standard Time)

@PatMis16 grafana/k8s-monitoring-helm@94cd73b#diff-e390381402a45a7097fa2694c01b9dde852ff38b337d0931f57b77ab3d367fc1 is fix there

Patrick Mischler · Answer 3 · Mon Apr 29 2024 20:36:52 GMT+0800 (China Standard Time)

@jwklijnsma
We also need this to be fixed in the alloy Helm Chart.

Patrick Mischler · Answer 4 · Thu May 23 2024 22:58:08 GMT+0800 (China Standard Time)

@jwklijnsma
Hi,
Actually now it works with the Helm Chart version 0.3.1 and Alloy version v1.1.0
BR,
Patrick