polarstreams/polar

Warnings deploying in OpenShift 4

rmarting opened this issue · 1 comments

I am testing Barco in OpenShift version 4.11 (Kubernetes version v1.24.0+4f0dd4d) but I am getting some warnings of PodSecurity violations.

Following the instructions, I found the following warning when the customization is applied:

❯ kubectl apply -k .
namespace/streams created
serviceaccount/barco created
role.rbac.authorization.k8s.io/barco created
clusterrole.rbac.authorization.k8s.io/barco created
rolebinding.rbac.authorization.k8s.io/barco created
clusterrolebinding.rbac.authorization.k8s.io/barco created
service/barco created
Warning: would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "barco" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "barco" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "barco" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "barco" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
statefulset.apps/barco created

Steps to reproduce

  1. Use OpenShift Local to start a local instance of OpenShift (Instructions here)
  2. Start it
  3. Execute commands described in Installing Barco Streams on Kubernetes page

Confirmed that now it is running successfully in my OCP 4.11 cluster:

❯ oc get pod -n streams
NAME      READY   STATUS    RESTARTS   AGE
barco-0   1/1     Running   0          48s
barco-1   1/1     Running   0          43s
barco-2   1/1     Running   0          39s
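
The four controls named in the PodSecurity warning above can be checked against a pod spec before applying it. This is an added example, not part of the issue thread or the project's manifests. The function name and both sample specs are constructed, and the logic approximates the "restricted" checks rather than reproducing the admission controller.

```python
# Added example: covers only the four "restricted" controls named in the warning.
# The function name and sample specs are constructed for illustration.

def restricted_violations(pod_spec):
    """Return sorted (container, control) pairs that would trigger the warning."""
    pod_sc = pod_spec.get("securityContext") or {}
    containers = pod_spec.get("containers", []) + pod_spec.get("initContainers", [])
    found = []
    for c in containers:
        sc = c.get("securityContext") or {}
        name = c.get("name", "?")
        # Container-only fields: there is no pod-level value to inherit.
        if sc.get("allowPrivilegeEscalation") is not False:
            found.append((name, "allowPrivilegeEscalation"))
        drop = (sc.get("capabilities") or {}).get("drop") or []
        if "ALL" not in drop:
            found.append((name, "capabilities.drop"))
        # Pod-or-container fields: a container value, when set, takes precedence.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            found.append((name, "runAsNonRoot"))
        seccomp = sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}
        if seccomp.get("type") not in ("RuntimeDefault", "Localhost"):
            found.append((name, "seccompProfile"))
    return sorted(found)

# Constructed sample: a container with no securityContext, as the warning implies.
BEFORE = {"containers": [{"name": "barco"}]}

# Constructed sample: the settings the warning asks for, split between pod level
# (runAsNonRoot, seccompProfile) and container level (the other two).
AFTER = {
    "securityContext": {
        "runAsNonRoot": True,
        "seccompProfile": {"type": "RuntimeDefault"},
    },
    "containers": [{
        "name": "barco",
        "securityContext": {
            "allowPrivilegeEscalation": False,
            "capabilities": {"drop": ["ALL"]},
        },
    }],
}

if __name__ == "__main__":
    for label, spec in (("before", BEFORE), ("after", AFTER)):
        print(label, restricted_violations(spec))
```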