Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Single Step APM Instrumentation violates Kubernetes baseline PodSecurityStandar #34147

Open
Chr1stian opened this issue Feb 18, 2025 · 0 comments
Open

[BUG] Single Step APM Instrumentation violates Kubernetes baseline PodSecurityStandar #34147

Chr1stian opened this issue Feb 18, 2025 · 0 comments
Labels
team/agent-apm trace-agent team/triage

Comments

@Chr1stian
Copy link

Agent Environment

7.56.1

Describe what happened:
Tested enabling Single Step APM Instrumentation in kubernetes with the Datadog Helm Chart: https://docs.datadoghq.com/tracing/trace_collection/automatic_instrumentation/single-step-apm/?tab=kubernetespreview#specifying-at-the-cluster-level

Describe what you expected:
Expected pods in selected namespace to start with the tracing injected. Instead they fail with the following error:
Error creating: pods "my-pod-name-here" is forbidden: violates PodSecurity "baseline:latest": hostPath volumes (volume "datadog")

Steps to reproduce the issue:

Additional environment details (Operating System, Cloud provider, etc):
AWS EKS.

It is probably the same as reported in issue #28274 , but for Single Step APM Instrumentation there is no option to set socketEnabled: false
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
team/agent-apm trace-agent team/triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Chr1stian