Kubernetes Pod Security Policy Support

Hi all,

I’m running the latest version of the helm chart on kubernetes (Rancher 2.3.0 Cluster - Kube 1.15.x)

Server starts successfully and connects to my bitbucket server - yay! When it receives a build trigger though, the controller starts successfully and the first task fails with the error:

validate: pods "mjcu13puuamqphzk6olvjynuz4ltlsg6" is forbidden: unable to validate against any pod security policy: []

Within rancher, I’ve tried both “unrestricted” and “None” Pod security policies in the project (group of namespaces). This seems to have had no impact and I’m unable to see anything in the logs about what namespace is being used for the individual stage pods. These policies work with any pods deployed into the namespace.

I assume there is some issue with how the controller is spawning pods, but I’m unable to see where it’s trying to create them or what the actual issue is, even with debug.

Any pointers in the right direction would be appreciated. Happy to provide any other information / debugging if required.


@MrBones757 this might be a little late (almost 10 months) but it might be because the kube-runner values.yaml file sets the namespace by default as `default`.

You need to set DRONE_NAMESPACE_DEFAULT to the namespace you want the workers to run in.
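To make the error message in the first post easier to read, here is a small added model of how PodSecurityPolicy admission chooses a policy. It is illustration code written for this thread, not code from Drone, Rancher or Kubernetes: the policy fields are a subset of the real API, the `drone-ci` namespace and the pod specs are constructed sample data, and only the pod name is taken from the quoted error. The useful point it shows is that the bracketed list at the end of `unable to validate against any pod security policy: [...]` holds one entry per policy that was tried and rejected the pod, so an empty `[]` means the pod's service account was not authorized to use any policy at all in the namespace where the pod landed. That is the symptom you get when pods are created in a namespace other than the one you configured policies for, which is why setting the runner namespace fixes it rather than changing the policy contents.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class PodSecurityPolicy:
    """Subset of PSP fields, enough to show how admission picks a policy."""
    name: str
    privileged: bool = False
    host_network: bool = False
    run_as_user_rule: str = "RunAsAny"          # or "MustRunAsNonRoot"
    volumes: List[str] = field(default_factory=lambda: ["*"])


def violations(pod: Dict, psp: PodSecurityPolicy) -> List[str]:
    """Reasons why `psp` rejects `pod`; an empty list means the pod fits."""
    spec = pod["spec"]
    reasons: List[str] = []
    if spec.get("hostNetwork") and not psp.host_network:
        reasons.append("spec.hostNetwork: Host network is not allowed to be used")
    for vol in spec.get("volumes", []):
        vtype = next(k for k in vol if k != "name")      # e.g. emptyDir, hostPath
        if "*" not in psp.volumes and vtype not in psp.volumes:
            reasons.append(f"spec.volumes[{vol['name']}]: {vtype} volumes are not allowed to be used")
    for i, c in enumerate(spec.get("containers", [])):
        sc = c.get("securityContext", {})
        if sc.get("privileged") and not psp.privileged:
            reasons.append(f"spec.containers[{i}].securityContext.privileged: Privileged containers are not allowed")
        if psp.run_as_user_rule == "MustRunAsNonRoot" and not sc.get("runAsNonRoot"):
            reasons.append(f"spec.containers[{i}].securityContext.runAsNonRoot: must be true")
    return reasons


def admit(pod: Dict, authorized: List[PodSecurityPolicy]) -> Tuple[Optional[str], str]:
    """Mimic the admission controller.

    `authorized` is the set of policies the pod's service account may use in
    the pod's namespace. The first policy (by name) with no violations wins;
    otherwise the error carries one entry per rejected policy, so an empty
    `authorized` list produces the trailing `[]` seen in the thread.
    """
    name = pod["metadata"]["name"]
    failures: List[str] = []
    for psp in sorted(authorized, key=lambda p: p.name):
        reasons = violations(pod, psp)
        if not reasons:
            return psp.name, f'pod "{name}" admitted under policy {psp.name}'
        failures.append(f"{psp.name}: " + "; ".join(reasons))
    return None, (f'pods "{name}" is forbidden: unable to validate against '
                  f'any pod security policy: [{", ".join(failures)}]')


# Constructed sample data: a plain pipeline step pod and a privileged one,
# plus two policies resembling Rancher's "unrestricted" and a restricted one.
STEP_POD = {
    "metadata": {"name": "mjcu13puuamqphzk6olvjynuz4ltlsg6", "namespace": "drone-ci"},
    "spec": {
        "containers": [{"name": "step", "image": "busybox"}],
        "volumes": [{"name": "workspace", "emptyDir": {}}],
    },
}
PRIVILEGED_POD = {
    "metadata": {"name": "dind-service", "namespace": "drone-ci"},
    "spec": {
        "containers": [{"name": "dind", "image": "busybox",
                        "securityContext": {"privileged": True}}],
    },
}
UNRESTRICTED = PodSecurityPolicy("unrestricted", privileged=True, host_network=True)
RESTRICTED = PodSecurityPolicy("restricted", run_as_user_rule="MustRunAsNonRoot",
                               volumes=["emptyDir", "secret", "configMap"])

if __name__ == "__main__":
    # No authorized policies in this namespace: the message ends in "[]".
    print(admit(STEP_POD, [])[1])
    # Same pod, namespace where "unrestricted" is usable: admitted.
    print(admit(STEP_POD, [UNRESTRICTED])[1])
    # Privileged step against a restricted policy: rejected, with the reason listed.
    print(admit(PRIVILEGED_POD, [RESTRICTED])[1])
```

Run it and compare the first line of output with the quoted error: the shape is identical because no policy was available to evaluate. The third case is what a policy rejection normally looks like, with the failing field named inside the brackets, so when you do see `[]` the place to look is the namespace the runner is creating pods in and the RBAC that grants `use` on a PodSecurityPolicy to that namespace's service account, not the policy itself.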