From 849970c25586f7fd2b6c5bd9bca3b202350b0d36 Mon Sep 17 00:00:00 2001
From: entlein <einentlein@gmail.com>
Date: Fri, 2 Sep 2022 13:39:18 +0200
Subject: [PATCH] trying again the fluentd issue, it seems to mostly ignore
 these settings, so setting debug=true

---
 .../templates/manifests/deploy-rancher-logging.j2    | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/roles/rke2/templates/manifests/deploy-rancher-logging.j2 b/roles/rke2/templates/manifests/deploy-rancher-logging.j2
index 03a6e61..3934d31 100644
--- a/roles/rke2/templates/manifests/deploy-rancher-logging.j2
+++ b/roles/rke2/templates/manifests/deploy-rancher-logging.j2
@@ -20,7 +20,7 @@ spec:
 
 
 ---
-
+ #CreateContainerConfigError (container has runAsNonRoot and image has non-numeric user (fluent), cannot verify user is non-root (pod: "rancher-logging-root-fluentd-0_cattle-logging-system(abba9ac8-72a3-469e-b4e3-f04d942ade09)", container: fluentd))
 apiVersion: helm.cattle.io/v1
 kind: HelmChart
 metadata:
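Review bot: The comment added after the `---` separator pastes a complete kubelet error, including one pod's UID, without saying which setting in this manifest addresses it. It is also indented by one space and has no space after `#`. A shorter comment placed next to the security context it explains would age better, e.g. `# fluentd image declares a non-numeric user (fluent); runAsNonRoot needs a numeric runAsUser, else CreateContainerConfigError`.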
@@ -42,11 +42,15 @@ spec:
     podSecurityContext:
       runAsNonRoot: true
       runAsUser: 1000
-    SecurityContext:
-      runAsNonRoot: true
-      runAsUser: 1000
+      fsGroup: 2000
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities: 
+        drop: ["ALL"]
+    debug: true
 
 # Need for fluentd statefulset the Security Context RunasUser
+# when running it runAsUser it needs perms /usr/lib/ruby/2.7.0/logger/log_device.rb:103:in `initialize': Permission denied @ rb_sysopen - /fluentd/log/out (Errno::EACCES)
 ---
 
 apiVersion: helm.cattle.io/v1
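Review bot: `debug: true` is hard-coded as a troubleshooting aid and will ship with every deployment of this template. What the key enables is not visible in the hunk, but a debug switch on a log collector usually means more verbose output, so it should default to off, e.g. `debug: {{ rancher_logging_debug | default(false) | lower }}` (the variable name is a placeholder). The commit message says the chart mostly ignores these settings, and the error quoted in the first hunk shows the fluentd container without a numeric user, so check that `podSecurityContext` and `securityContext` sit under the key the chart reads for fluentd; the parent mapping starts above the hunk, so this cannot be confirmed here. The container-level block no longer repeats `runAsNonRoot`/`runAsUser`, which is fine only if the pod-level values reach the fluentd pod, so confirm the effective security context on the rendered StatefulSet. Minor: the `capabilities: ` line has trailing whitespace.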
-- 
GitLab