Uploaded image for project: 'OpenShift Authentication'
  1. OpenShift Authentication
  2. AUTH-182

Pod Security compliance: dns-operator

    XMLWordPrintable

Details

    • Task
    • Resolution: Done
    • Undefined
    • None
    • None
    • None
    • Auth - Sprint 218

    Description

      dns-operator must comply to restricted pod security level. The current audit warning is:

      {   "objectRef": "openshift-dns-operator/deployments/dns-operator",   "pod-security.kubernetes.io/audit-violations": "would violate PodSecurity \"restricted:latest\": allowPrivilegeEscalation != false (containers \"dns-operator\", \"kube-rbac-proxy\" must set securityContext.allowPrivilegeEscalation=false), unre stricted capabilities (containers \"dns-operator\", \"kube-rbac-proxy\" must set securityContext.capabilities.drop=[\"ALL\"]), runAsNonRoot != true (pod or containers \"dns-operator\", \"kube-rbac-proxy\" must set securityContext.runAsNonRoot=tr ue), seccompProfile (pod or containers \"dns-operator\", \"kube-rbac-proxy\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")" }

      Attachments

        Activity

          Public project attachment banner

            context keys: [headless, issue, helper, isAsynchronousRequest, project, action, user]
            current Project key: AUTH

            People

              surbania Sergiusz Urbaniak
              surbania Sergiusz Urbaniak
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: