#Warning running dagger engine on Talos QEMU cluster


dapper root
#
Warning  FailedCreate      43m                daemonset-controller  Error creating: pods "dagger-dagger-helm-engine-59gz8" is forbidden: violates PodSecurity "baseline:latest": non-default capabilities (container "dagger-engine" must not include "ALL" in securityContext.capabilities.add), hostPath volumes (volumes "varlibdagger", "varrundagger"), privileged (container "dagger-engine" must not set securityContext.privileged=true)

I followed this guide

This section covers different strategies for deploying Dagger on a Kubernetes cluster.

#

I installed QEMU with this guide

Creating Talos Kubernetes cluster using QEMU VMs.

inner marlin
#

Hey! Seems like you have a permission issue. Dagger engine pods need to be privileged; they require more capabilities than the average container because, remember, the Dagger Engine is also a container runtime, so it needs additional permissions to be able to create containers.

The default helm chart includes the correct values to allow this to run as privileged. https://github.com/dagger/dagger/blob/main/helm/dagger/templates/engine-daemonset.yaml

It seems something else may be preventing this from launching. Can you let us know which command you are running that results in this error?

dapper root
#
```
    dagger oci://registry.dagger.io/dagger-helm
```
#

kubectl describe daemonset/dagger-dagger-helm-engine --namespace=dagger

#

Both the upgrade command and the describe command from the k8s dagger

#

I just run the exact commands in the Talos docs to run a local k8s cluster on QEMU. And then the dagger docs.

#

Though it's just warnings, Dagger runs fine

empty hull
dapper root
#
```
    dagger oci://registry.dagger.io/dagger-helm
Release "dagger" does not exist. Installing it now.
Pulled: registry.dagger.io/dagger-helm:0.16.2
Digest: sha256:b979bb5e2f70a2940c88688887b7e9800813586ce9e558d9fbb520e79253c3dc
W0302 22:17:34.316809   62263 warnings.go:70] would violate PodSecurity "restricted:latest": privileged (container "dagger-engine" must not set securityContext.privileged=true), allowPrivilegeEscalation != false (container "dagger-engine" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "dagger-engine" must set securityContext.capabilities.drop=["ALL"]; container "dagger-engine" must not include "ALL" in securityContext.capabilities.add), restricted volume types (volumes "varlibdagger", "varrundagger" use restricted volume type "hostPath"), runAsNonRoot != true (pod or container "dagger-engine" must set securityContext.runAsNonRoot=true), runAsUser=0 (pod must not set runAsUser=0), seccompProfile (pod or container "dagger-engine" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
NAME: dagger
LAST DEPLOYED: Sun Mar  2 22:17:34 2025
NAMESPACE: dagger
STATUS: deployed
REVISION: 1
TEST SUITE: None
[pk@ID ~]$
```

empty hull
#

If you run `kubectl -n dagger get pods`, is it running?

dapper root
#

`kubectl label namespace dagger pod-security.kubernetes.io/enforce=privileged` this fixes it

#
```
NAME                              READY   STATUS    RESTARTS   AGE
dagger-dagger-helm-engine-f7dx5   1/1     Running   0          9m8s
dagger-dagger-helm-engine-ktrxb   1/1     Running   0          9m8s
dagger-dagger-helm-engine-rx8zk   1/1     Running   0          9m8s
```