Can't bootstrap cilium-agent due to mount-cgroup permission denied

[ykfq]

What happened?

cilium-agent can not bootstrap, pod STATUS: Init:CrashLoopBackOff
kubectl describe pod shows the containers mount-cgroup、apply-sysctl-overwrites、install-cni-binaries crashed one after another until we set the pod's securityContext.privileged to true:

What did you expect to happen?

The cilium daemonset should applied with all pods in Running state.

How can we reproduce it (as minimally and precisely as possible)?

container_manager: containerd
kube_network_plugin: cilium
kube_version: 1.32.10
etcd_version: 3.5.24
cilium_version: 1.18.4
cilium_cli_version: 0.18.8

OS

Rocky Linux 9

Version of Ansible

2.17.14

Version of Python

3.12.11

Version of Kubespray (commit)

Release v2.29.0

Network plugin used

cilium

Full inventory with variables

Command used to invoke ansible

ansible-playbook -i inventory/mycluster/inventory.ini cluster.yml

Output of ansible run

Anything else we need to know

RockyLinux: 9.2
getenforce: Permissive

[ykfq]

Fixed by overwriting cilium_extra_values as :

cilium_extra_values:
  securityContext:
    privileged: true

[guoard]

Duplicate of #12276

/close

[k8s-ci-robot]

@guoard: You can't close an active issue/PR unless you authored it or you are a collaborator.

In response to this:

Duplicate of #12276

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[tico88612]

#12276 (comment)

/close

[k8s-ci-robot]

@tico88612: Closing this issue.

In response to this:

#12276 (comment)

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.