Uploaded image for project: 'OpenShift Authentication'
  1. OpenShift Authentication
  2. AUTH-182

Pod Security compliance: dns-operator

    XMLWordPrintable

Details

    • Task
    • Resolution: Done
    • Undefined
    • None
    • None
    • None
    • Auth - Sprint 218

    Description

      dns-operator must comply to restricted pod security level. The current audit warning is:

      {   "objectRef": "openshift-dns-operator/deployments/dns-operator",   "pod-security.kubernetes.io/audit-violations": "would violate PodSecurity \"restricted:latest\": allowPrivilegeEscalation != false (containers \"dns-operator\", \"kube-rbac-proxy\" must set securityContext.allowPrivilegeEscalation=false), unre stricted capabilities (containers \"dns-operator\", \"kube-rbac-proxy\" must set securityContext.capabilities.drop=[\"ALL\"]), runAsNonRoot != true (pod or containers \"dns-operator\", \"kube-rbac-proxy\" must set securityContext.runAsNonRoot=tr ue), seccompProfile (pod or containers \"dns-operator\", \"kube-rbac-proxy\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")" }

      Attachments

        Activity

          People

            surbania Sergiusz Urbaniak
            surbania Sergiusz Urbaniak
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: