Skip to end of metadata
Go to start of metadata

Problem

When installing the new Kubernetes cluster collector (Checkmk 2.1), the following error appears (in the Kubernetes event logs)

Error: failed to start container "cadvisor": Error response from daemon: linux spec capabilities: Unknown capability to add: "CAP_CAP_SYS_PTRACE"

This happens when you are using older container runtime versions, which always add CAP_ to each capability drop.
This problem is fixed in Docker 19.03 and containerd 1.4.5

Solution

Change in the values.yaml under nodeCollector.cadvisor.securityContext:

capabilities:
        drop:
          - ALL
        add: ["SYS_PTRACE"]

(Remove the "CAP_")