Installation Note 67349: SAS® Viya® 2020 deployments fail with "Error: secret 'sas-consul-client' not found" when the pod security policy "runtime/default" is not allowed
 |  |  |  |
SAS Viya 2020 deployments can fail when pod security policies for "runtime/default" are not allowed. This selection causes many pods to go into a CreateContainerConfigError status during the deployment or not be created at all.
When you encounter this issue, most of the pods in this state show an error similar to the following that indicates that secrets are not found when trying to describe the failing pods:
Cause
This issue happens because SAS Viya 2020 introduced the following annotation into the deployment, which does not allow SAS Viya pods to be created if ‘runtime/default’ is not allowed:
Verify
You can run the following to describe the pods: kubectl -n namespace describe pod pod-name
You can check the pod security policies by running the following command on your Kubernetes cluster:
For more information about pod security policies, see Pod Security Policies in the Kubernetes documentation.
Resolution
To resolve the issue, add "runtime/default" to the default pod security policies as a Kubernetes cluster administrator.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS Viya | Linux for x64 | 2020.1.1 | Viya | ||
| Type: | Installation Note |
| Priority: | medium |
| Date Modified: | 2021-02-17 13:41:43 |
| Date Created: | 2021-02-01 09:19:36 |