Docker container not starting due to Kubernetes security constraints

Telegraf Container Image: telegraf:1.29.5-alpine
Environment: Kubernetes
After some security policies were implemented on my Kubernetes cluster, my Telegraf container is not able to run as it once was.

This is the error I am getting in the container logs:

Failed to set additional capabilities on /usr/bin/telegraf
su-exec: setgroups: Operation not permitted
unable to set CAP_SETFCAP effective capability: Operation not permitted

From what I understood this is because the security policies will block any container from starting if it:

  • Tries to escalate to root privileges. Pod cannot contain - securityContext: allowPrivilegeEscalation: true
  • If a seccomp profile is not set.
  • If any sysctls are in the deployment configuration.
  • If containers perform a restricted host OS capability such as: raw packet generation, host device exposure, or mounting the Docker socket outside of the Kubernetes context.

Would it be possible to update the container configurations so that it complies with these security policies?

Hello @mohsin106,
Have you tried?

securityContext:
  allowPrivilegeEscalation: false

In the K8s deployment yaml?

Or updating the Dockerfile to set permissions and define the user?
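The four policy bullets in the question and the two suggestions in the reply map onto a handful of Pod securityContext fields. The manifest below is an added example (not from the original thread, and not Telegraf's or InfluxData's own deployment) of a Telegraf Deployment written to satisfy a restricted-style policy: it sets allowPrivilegeEscalation: false as the reply suggests, starts the container as a non-root user so the image's su-exec step is never reached, drops all capabilities, pins a seccomp profile, and declares no sysctls, host namespaces or hostPath mounts. The namespace name, the UID/GID of 1000, the ConfigMap name and the image entrypoint behaviour (su-exec is only used when the process starts as root) are assumptions for the example, not facts from the page; check the image's telegraf user with `id telegraf` and adjust runAsUser to match.

```yaml
# Added example: Telegraf Deployment shaped for a restricted Pod Security policy.
# Assumed values: namespace "monitoring", ConfigMap "telegraf-config", UID/GID 1000.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: telegraf
  namespace: monitoring            # assumed namespace
spec:
  replicas: 1
  selector:
    matchLabels:
      app: telegraf
  template:
    metadata:
      labels:
        app: telegraf
    spec:
      # No hostNetwork / hostPID / hostIPC and no sysctls: the policy forbids them.
      securityContext:
        runAsNonRoot: true            # kubelet refuses to start the container as UID 0
        runAsUser: 1000               # assumed UID of the image's telegraf user
        runAsGroup: 1000              # assumed GID
        fsGroup: 1000                 # makes mounted volumes group-writable for that GID
        seccompProfile:
          type: RuntimeDefault        # satisfies "a seccomp profile must be set"
      containers:
        - name: telegraf
          image: telegraf:1.29.5-alpine   # image version from the question
          args: ["--config", "/etc/telegraf/telegraf.conf"]
          securityContext:
            allowPrivilegeEscalation: false   # the reply's suggestion; blocks setuid/setcap gains
            privileged: false
            readOnlyRootFilesystem: true      # the entrypoint's setcap step is not needed
            capabilities:
              drop: ["ALL"]                   # no CAP_SETFCAP, no raw-packet capability
          volumeMounts:
            - name: config
              mountPath: /etc/telegraf
              readOnly: true
            - name: tmp
              mountPath: /tmp                 # scratch space since the root FS is read-only
      volumes:
        - name: config
          configMap:
            name: telegraf-config             # assumed ConfigMap holding telegraf.conf
        - name: tmp
          emptyDir: {}
```

Because the process already starts as a non-root user, the entrypoint's `su-exec` call (the source of the `setgroups: Operation not permitted` line) is skipped, and with every capability dropped the `setcap` attempt is irrelevant rather than fatal. The trade-off is that any Telegraf input that genuinely needs a capability, such as raw-socket generation, cannot be granted it under this policy; those inputs must be disabled in telegraf.conf or moved to a pod that the policy explicitly exempts.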