issues running fapolicy on eks nodes #310
Description
Hi
I am trying to run fapolicy on eks nodes ( for compliance ) . following #180 , i have it it up and running and working.
However , for some reason, fapolicy is blocking k8s from pulling images without logging anything.
I have tried running fapolcy with --debug-deny and even --debug but i dont see any logs. However unless i stop fapolicy, i cant get k8s to deploy anything.
Has anyone faced any issue like that
logs show something like
PullImage from image service failed" err="rpc error: code = Unknown desc = failed to pull and unpack image \"344908691396.dkr.ecr.ap-southeast-2.amazonaws.com/e-recruit-build:develop_lucee\": failed to extract layer sha256:519abcb17676bcf41d770deedf143913f4a4aca3211f3793c8469b70ee9ac91a: open /var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/453/fs/opt/reactapp/node_modules/@babel/traverse/lib/path/modification.js: operation not permitted
There is no entry that tells whats blocked
Any ideas
Edit: by no logs I mean to say no log that shows a deny. all logs basically allow everything yet i get operation not permitted error