Uploaded image for project: 'OpenShift Authentication'
  1. OpenShift Authentication
  2. AUTH-172

Creating a pod throws a Warning "would violate PodSecurity "restricted:latest""

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Normal
    • None
    • openshift-4.11
    • None
    • False
    • None
    • False

    Description

      IMO the warning is too lengthy and complex, the pod gets created and runs just fine.

      1. oc new-project hello && oc new-app openshift/hello-openshift

      Expected: Pod gets created without any warning, if a warning is a must, it can be more user friendly

      Observed:
      Warning: would violate PodSecurity "restricted:latest": host namespaces (hostNetwork=true, hostPID=true), hostPath volumes (volume "host"), privileged (container "container-00" must not set securityContext.privileged=true), allowPrivilegeEscalation != false (container "container-00" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "container-00" must set securityContext.capabilities.drop=["ALL"]), restricted volume types (volume "host" uses restricted volume type "hostPath"), runAsNonRoot != true (pod or container "container-00" must set securityContext.runAsNonRoot=true), runAsUser=0 (container "container-00" must not set runAsUser=0), seccompProfile (pod or container "container-00" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
       

      Attachments

        Issue Links

          is related to

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. AUTH-133 Pod Security Admission integration in OpenShift

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. AUTH-2 Enable Pod Security Admission & SCC

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed

          Activity

            People

              slaznick@redhat.com Stanislav Laznicka
              ytripath@redhat.com Yash Tripathi (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: