- What have you already tried? Please include links to gists and/or code blocks (if relatively small)
Try to deploy sensu in kubernetes with security context.
- Tell us about your setup, this should include OS, version of Sensu, version of Sensu components (redis, rabbitmq), plugin versions (if applicable), anything special about your setup such as an airgapped network or strict ACLs
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: sensu-agent
namespace: sensu
labels:
app.kubernetes.io/name: sensu-agent
spec:
replicas: 1
template:
metadata:
name: sensu-agent
labels:
app.kubernetes.io/name: sensu-agent
spec:
serviceAccountName: sensuagent
securityContext:
runAsUser: 1000
runAsGroup: 1000
containers:
- name: sensu-agent
image: "sensu/sensu:5.19.0"
command: [ "sensu-agent" ]
args: [ "start", "--api-host", "0.0.0.0", "--namespace", "$(SENSU_NAMESPACE)", "--subscriptions", "$(SENSU_SUBSCRIPTIONS)", "--backend-url", "$(SENSU_BACKEND_URL)", "--log-level", "$(SENSU_LOGLEVEL)", "--trusted-ca-file /certs-ca/sensu-ca.pem", "--statsd-disable", "--deregister", "--annotations $(ORIGIN)"]
ports:
- name: api
containerPort: 3031
protocol: TCP
livenessProbe:
httpGet:
path: /healthz
port: 3031
initialDelaySeconds: 30
timeoutSeconds: 5
volumeMounts:
- mountPath: "/certs-ca"
name: sensu-ca-pem
readOnly: true
env:
- name: SENSU_BACKEND_URL
value: wss://sensu-api.example.com:8081
- name: SENSU_SUBSCRIPTIONS
value: kubernetes
- name: SENSU_NAMESPACE
value: default
- name: SENSU_LOGLEVEL
value: debug
- name: ORIGIN=kubernetes"
Log Error:
{“component”:“agent”,“error”:“error creating agent: could not create directory for api queue (/var/cache/sensu/sensu-agent): mkdir /var/cache/sensu: permission denied”,“level”:“fatal”,“msg”:“error executing sensu-agent”,“time”:“2020-04-09T08:22:15Z”}
- Is there a Github issue related to your issue? No
- Is there anything else that can help us effectively help you? i dont know yet.