Uploaded image for project: 'OpenShift Authentication'
  1. OpenShift Authentication
  2. AUTH-172

Creating a pod throws a Warning "would violate PodSecurity "restricted:latest""

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Normal Normal
    • None
    • openshift-4.11
    • None
    • False
    • None
    • False

      IMO the warning is too lengthy and complex, the pod gets created and runs just fine.

      1. oc new-project hello && oc new-app openshift/hello-openshift

      Expected: Pod gets created without any warning, if a warning is a must, it can be more user friendly

      Observed:
      Warning: would violate PodSecurity "restricted:latest": host namespaces (hostNetwork=true, hostPID=true), hostPath volumes (volume "host"), privileged (container "container-00" must not set securityContext.privileged=true), allowPrivilegeEscalation != false (container "container-00" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "container-00" must set securityContext.capabilities.drop=["ALL"]), restricted volume types (volume "host" uses restricted volume type "hostPath"), runAsNonRoot != true (pod or container "container-00" must set securityContext.runAsNonRoot=true), runAsUser=0 (container "container-00" must not set runAsUser=0), seccompProfile (pod or container "container-00" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
       

              slaznick@redhat.com Stanislav Láznička (Inactive)
              ytripath@redhat.com Yash Tripathi (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: