Troubleshooting "unknown capability to add: CAP_CAP_SYS_PTRACE" error
This article helps debug issues with the Kubernetes cluster collector.
LAST TESTED ON CHECKMK 2.0.0P1
Problem
When installing the new Kubernetes cluster collector (Checkmk 2.1), the following error appears in the Kubernetes event logs:
Error: failed to start container "cadvisor": Error response from daemon: linux spec capabilities: Unknown capability to add: "CAP_CAP_SYS_PTRACE"
This happens with older container runtime versions, which always prepend CAP_ to each capability name, so a value that already carries the prefix (CAP_SYS_PTRACE) becomes CAP_CAP_SYS_PTRACE.
This problem is fixed in Docker 19.03 and containerd 1.4.5.
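To find out which nodes still run a runtime older than those versions, the check below compares each node's reported runtime version against them. It is an added example, not part of the original article or of Checkmk; the node names and versions in sample_nodes are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list nodes whose container runtime predates the fixed
# versions named above (Docker 19.03, containerd 1.4.5).
# On a live cluster, feed affected_nodes from:
#   kubectl get nodes -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.status.nodeInfo.containerRuntimeVersion}{"\n"}{end}'

# version_lt A B: succeed when A < B, comparing dot-separated fields numerically
# (so "19.3.8" and "19.03.8" compare as the same version).
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, x, "."); nb = split(b, y, ".")
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      if ((x[i] + 0) < (y[i] + 0)) exit 0
      if ((x[i] + 0) > (y[i] + 0)) exit 1
    }
    exit 1   # equal versions are not "less than"
  }'
}

# affected_nodes: read "<node> <runtime>://<version>" lines on stdin and
# print the nodes that run a runtime older than the fixed version.
affected_nodes() (
  while read -r node rt; do
    case "${rt%%://*}" in
      docker)     min=19.03 ;;
      containerd) min=1.4.5 ;;
      *)          continue ;;  # the article makes no statement about other runtimes
    esac
    if version_lt "${rt#*://}" "$min"; then
      printf '%s\n' "$node"
    fi
  done
)

# Constructed sample input (hypothetical node names and versions).
sample_nodes() {
  printf 'node-a\tdocker://18.9.7\n'
  printf 'node-b\tdocker://19.3.8\n'
  printf 'node-c\tcontainerd://1.4.4\n'
  printf 'node-d\tcontainerd://1.6.20\n'
}

sample_nodes | affected_nodes
```

Nodes printed by the check need the values.yaml change described under Solution.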
Solution
In values.yaml, under nodeCollector.cadvisor.securityContext, change the capabilities to:
capabilities:
  drop:
    - ALL
  add: ["SYS_PTRACE"]
(Remove the "CAP_" prefix from the capability name.)