Bug 1674934

Summary: fluentd pods don't start when cluster logging deployed from OperatorHub
Product: OpenShift Container Platform Reporter: Mike Fiedler <mifiedle>
Component: LoggingAssignee: Jeff Cantrill <jcantril>
Status: CLOSED DUPLICATE QA Contact: Anping Li <anli>
Severity: high Docs Contact:
Priority: unspecified    
Version: 4.1.0CC: aos-bugs, rmeggins
Target Milestone: ---   
Target Release: 4.1.0   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-02-11 19:10:43 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Mike Fiedler 2019-02-11 17:30:45 UTC 
Description of problem:

When deploying clusterlogging from OperatorHub, the fluentd pods do not start.   oc describe on the fluentd daemonset shows:

Events:
  Type     Reason        Age                From                  Message
  ----     ------        ----               ----                  -------
  Warning  FailedCreate  4m (x23 over 39m)  daemonset-controller  Error creating: pods "fluentd-" is forbidden: unable to validate against any security context constraint: [spec.volumes[0]: Invalid value: "hostPath": hostPath volumes are not allowed to be used spec.volumes[1]: Invalid value: "hostPath": hostPath volumes are not allowed to be used spec.volumes[2]: Invalid value: "hostPath": hostPath volumes are not allowed to be used spec.volumes[5]: Invalid value: "hostPath": hostPath volumes are not allowed to be used spec.volumes[6]: Invalid value: "hostPath": hostPath volumes are not allowed to be used spec.volumes[7]: Invalid value: "hostPath": hostPath volumes are not allowed to be used spec.volumes[8]: Invalid value: "hostPath": hostPath volumes are not allowed to be used spec.volumes[9]: Invalid value: "hostPath": hostPath volumes are not allowed to be used spec.containers[0].securityContext.privileged: Invalid value: true: Privileged containers are not allowed]

workaround:  oc adm policy add-scc-to-user privileged -z logcollector 

Version-Release number of selected component (if applicable): 4.0.0-0.nightly-2019-02-11-045151


How reproducible: Always


Steps to Reproduce:
1.  Install cluster logging from OperatorHub
2.  In the console, create a clusterlogging resource using the default yaml, changing the namespace to openshift-logging
3.  Wait for elasticsearch and kibana pods to be Ready

Actual results:

no fluentd pods running.   oc describe ds fluentd shows the error above.


Expected results:

fluentd pods running after creating a clusterlogging resource.
Comment 1 Jeff Cantrill 2019-02-11 19:10:43 UTC 

*** This bug has been marked as a duplicate of bug 1672772 ***