The neuvector-controller-pod is continuous restarting because of incorrect volumeMounts

[4everming]

prerequisite：
Upstream Kubernetes setup with containerd and kubeadm

procedures to reproduce the issue:

1. Run 'kubectl create namespace neuvector'
2. Run 'kubectl create secret docker-registry regsecret -n neuvector --docker-server=https://index.docker.io/v1/ --docker-username=your-name --docker-password=your-password --docker-email=your-email'
3. Run 'helm install my-release --namespace neuvector neuvector/core --set imagePullSecrets=regsecret'
4. Check the status of neuvector-controller-pod, it is restarting continuously.
5. Check the log of this pod:

"2022-11-02T07:53:53.311|INFO|CTL|system.NewSystemTools: cgroup v1
2022-11-02T07:53:53.311|INFO|CTL|container.Connect: - endpoint=
2022-11-02T07:53:53.311|ERRO|CTL|main.main: Failed to initialize - error=Unknown container runtime
2022-11-02T07:53:53|MON|Process ctrl exit status 254, pid=7
2022-11-02T07:53:53|MON|Process ctrl exit with non-recoverable return code. Monitor Exit!!"

6. Check the YAML of the controller deployment:

       volumeMounts:
        - mountPath: /var/neuvector
          name: nv-share
        - mountPath: /var/run/docker.sock
          name: runtime-sock
          readOnly: true
        - mountPath: /host/proc
          name: proc-vol
          readOnly: true
        - mountPath: /host/cgroup
          name: cgroup-vol
          readOnly: true
        - mountPath: /etc/config
          name: config-volume
          readOnly: true

"/run/containerd/containerd.sock" is not mounted to the pod, so it cannot detect the containerd runtime.

[jorn-k]

You mentioned containerd, but it looks like you have a mountpath for docker runtime. perhaps containerd.enabled=true will help.