Troubleshooting "unknown capability to add: CAP_CAP_SYS_PTRACE" error

This article helps debug issues with the Kubernetes cluster collector.

LAST TESTED ON CHECKMK 2.0.0P1

Problem

When installing the new Kubernetes cluster collector (Checkmk 2.1), the following error appears in the Kubernetes event logs:

Error: failed to start container "cadvisor": Error response from daemon: linux spec capabilities: Unknown capability to add: "CAP_CAP_SYS_PTRACE"


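This happens when you are using older container runtime versions, which always prepend CAP_ to each capability they are given. A capability that is already written as CAP_SYS_PTRACE therefore becomes CAP_CAP_SYS_PTRACE, which the runtime does not recognize.

This problem is fixed in Docker 19.03 and containerd 1.4.5.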
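
To see which nodes still run a runtime older than those versions, the following added example (not part of the original article or of Checkmk) classifies the runtime strings that Kubernetes reports per node. It assumes that every Docker version below 19.03 and every containerd version below 1.4.5 is affected, which ignores vendor backports; the function names are hypothetical.

```shell
#!/bin/sh
# Added example; the fix versions below are the ones named in the article.

# version_lt A B: succeed if dotted version A is lower than B.
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, x, "."); nb = split(b, y, ".")
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      xi = x[i] + 0; yi = y[i] + 0   # numeric compare; drops suffixes like "-ce"
      if (xi < yi) exit 0
      if (xi > yi) exit 1
    }
    exit 1                           # equal versions are not lower
  }'
}

# runtime_status RUNTIME://VERSION: print affected, fixed or unknown.
runtime_status() {
  case "$1" in *://*) ;; *) echo unknown; return 0 ;; esac
  rt=${1%%://*}; ver=${1#*://}
  case "$rt" in
    docker)     fixed=19.03 ;;
    containerd) fixed=1.4.5 ;;
    *)          echo unknown; return 0 ;;   # other runtimes: the article says nothing
  esac
  if version_lt "$ver" "$fixed"; then echo affected; else echo fixed; fi
}

# check_nodes: read "NODE RUNTIME://VERSION" lines on stdin, print a status per node.
check_nodes() {
  while read -r node runtime; do
    [ -n "$node" ] || continue
    printf '%s\t%s\t%s\n' "$node" "$runtime" "$(runtime_status "$runtime")"
  done
}

# Against a live cluster:
#   kubectl get nodes -o jsonpath='{range .items[*]}{.metadata.name}{" "}{.status.nodeInfo.containerRuntimeVersion}{"\n"}{end}' | check_nodes

# Constructed sample input, not taken from a real cluster:
printf '%s\n' 'node-a docker://18.9.7' 'node-b containerd://1.4.5' 'node-c cri-o://1.20.0' | check_nodes
```

Nodes reported as affected need the values.yaml change described under Solution, or a runtime upgrade.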

Solution

In values.yaml, change the capabilities under nodeCollector.cadvisor.securityContext to:

capabilities:
  drop:
    - ALL
  add: ["SYS_PTRACE"]

(Remove the "CAP_" prefix from the capability name.)