securityContext warnings on 4.11

Question

securityContext warnings on 4.11

Closed this issue 2 years ago · 12 comments

Editing any of our deployments complains about these not being set. We probably need to update the configs with these values or whatever is appropriate.

spec:
  template:
    spec:
      containers:
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault

jmontleon commented 2 years ago

#56

Answer 1 · 2022-06-28T13:57:21.000Z

/priority critical
/kind bug
/triage accepted

Answer 2 · 2022-06-28T13:57:25.000Z

@eriknelson: The label(s) triage/accepted cannot be applied, because the repository doesn't have them.

In response to this:

/priority critical
/kind bug
/triage accepted

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Answer 3 · 2022-06-28T16:19:46.000Z

/triage accepted

Answer 4 · 2022-06-28T16:52:56.000Z

This issue synced with: https://issues.redhat.com/browse/MTRHO-81

Answer 5 · 2022-06-29T17:43:29.000Z

migtools/crane-reverse-proxy#18

Answer 6 · 2022-06-29T18:00:23.000Z

migtools/crane-secret-service#12

Answer 7 · 2022-06-29T18:17:15.000Z

migtools/crane-ui-plugin#94

Answer 8 · 2022-06-29T18:17:29.000Z

@djzager what's the right way to do this with crane-runner?

Answer 9 · 2022-06-29T18:35:13.000Z

@djzager what's the right way to do this with crane-runner?

I'm not certain that we need it for crane-runner since there is no deployments...just tasks (that get run as pods). Maybe this is something that would be added by the Tekton controller at run time?

Answer 10 · 2022-06-29T18:41:48.000Z

I think that makes sense, if it's not something we control.

Answer 11 · 2022-08-01T16:16:31.000Z

I believe all of the PRs above are merged.