Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GKE Autopilot Helm #62

Open
Pravin-Selvaranjan opened this issue Jul 16, 2024 · 1 comment
Open

GKE Autopilot Helm #62

Pravin-Selvaranjan opened this issue Jul 16, 2024 · 1 comment

Comments

@Pravin-Selvaranjan
Copy link

I am trying to deploy this chart on an Autopilot GKE cluster, which limits access to cluster nodes. I was able to modify and use a persistent volume instead of the host nodes volume but when I attempt a run, the pods created for the run seem to also try and use the host node volumes.

Error I get is as below

Cannot create container "atask-v0oelok6rb7slrkuj". HTTP error 400. Admission webhook "warden-validating.common-webhooks.networking.gke.io" denied the request: gke warden rejected the request because it violates one or more constraints. violations details: {"[denied by autogke-no-write-mode-hostpath]":["hostpath volume working-dir in container atask-v0oelok6rb7slrkuj is accessed in write mode; disallowed in autopilot.","hostpath volume data-dir in container atask-v0oelok6rb7slrkuj is accessed in write mode; disallowed in autopilot.","hostpath volume temporary-dir in container atask-v0oelok6rb7slrkuj is accessed in write mode; disallowed in autopilot.","hostpath volume run-plugins-dir in container atask-v0oelok6rb7slrkuj is accessed in write mode; disallowed in autopilot.","hostpath volume workspace-plugins-dir used in container atask-v0oelok6rb7slrkuj uses path /home/kubernetes/flexvolume/agent-k8s/workspaces/ws-v0o49lsfrfa68ueb2/plugins which is not allowed in autopilot. allowed path prefixes for hostpath volumes are: [/var/log/].","hostpath volume registry-terraform-io used in container atask-v0oelok6rb7slrkuj uses path /home/kubernetes/flexvolume/agent-k8s/plugins/registry.terraform.io which is not allowed in autopilot. allowed path prefixes for hostpath volumes are: [/var/log/].","hostpath volume registry-opentofu-org used in container atask-v0oelok6rb7slrkuj uses path /home/kubernetes/flexvolume/agent-k8s/plugins/registry.opentofu.org which is not allowed in autopilot. allowed path prefixes for hostpath volumes are: [/var/log/].","hostpath volume global-plugins-dir-v012 used in container atask-v0oelok6rb7slrkuj uses path /home/kubernetes/flexvolume/agent-k8s/plugins/linuxAmd64 which is not allowed in autopilot. allowed path prefixes for hostpath volumes are: [/var/log/]."]} requested by user: 'system:serviceaccount:scalr:scalr-agent-agent-k8s', groups: 'system:serviceaccounts,system:serviceaccounts:scalr,system:authenticated'
@mermoldy
Copy link
Member

@Pravin-Selvaranjan Hi, sorry, but currently the agent does not support GKE Autopilot mode because hostPath volumes are required for the agent to work. You can find some details here: #5 (comment). We want to get rid of hostPath volumes in the future and make agent fully cloud-native (and so compatible with GKE Autopilot), but there are no explicit roadmap at the moment.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mermoldy @Pravin-Selvaranjan