-
Task
-
Resolution: Done
-
Normal
PSAP Sprint 222
openshift-nfd (Node Feature Discovery Operator) must comply with pod security. The current audit warning is:
namespace is: openshift-nfd
pod name is: nfd-controller-manager-74f778745-2wx26
container: kube-rbac-proxy
container: manager
2022-05-12T16:05:53.232Z INFO KubeAPIWarningLogger would violate PodSecurity "restricted:latest": runAsNonRoot != true (pod or container "nfd-master" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "nfd-master" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
2022-05-12T16:05:53.513Z INFO KubeAPIWarningLogger would violate PodSecurity "restricted:latest": host namespaces (hostNetwork=true), hostPath volumes (volumes "host-boot", "host-os-release", "host-sys", "host-usr-lib", "host-usr-src", "nfd-hooks", "nfd-features"), restricted volume types (volumes "host-boot", "host-os-release", "host-sys", "host-usr-lib", "host-usr-src", "nfd-hooks", "nfd-features" use restricted volume type "hostPath"), runAsNonRoot != true (pod or container "nfd-worker" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "nfd-worker" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
pod name is: nfd-master-4t4lr
container: nfd-master
pod name is: nfd-master-m7fqp
container: nfd-master
pod name is: nfd-master-sbqn9
container: nfd-master
pod name is: nfd-worker-2cdqg
container: nfd-worker
pod name is: nfd-worker-46pz5
container: nfd-worker
pod name is: nfd-worker-p6x2c
container: nfd-worker
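To triage warnings like the two above, the following added example (not part of the original issue or the NFD operator's code) splits each KubeAPIWarningLogger line into its individual checks and flags the ones that a securityContext change alone cannot clear. The function names and the category grouping are assumptions of this example; the sample lines are constructed from the warnings quoted in the issue, with the volume list shortened.

```python
import re

# Constructed sample: the two warnings quoted in the issue, volume list cut to two entries.
PREFIX = '2022-05-12T16:05:53.513Z INFO KubeAPIWarningLogger would violate PodSecurity "restricted:latest": '
MASTER = PREFIX + (
    'runAsNonRoot != true (pod or container "nfd-master" must set securityContext.runAsNonRoot=true), '
    'seccompProfile (pod or container "nfd-master" must set securityContext.seccompProfile.type '
    'to "RuntimeDefault" or "Localhost")')
WORKER = PREFIX + (
    'host namespaces (hostNetwork=true), hostPath volumes (volumes "host-boot", "host-sys"), '
    'restricted volume types (volumes "host-boot", "host-sys" use restricted volume type "hostPath"), '
    'runAsNonRoot != true (pod or container "nfd-worker" must set securityContext.runAsNonRoot=true), '
    'seccompProfile (pod or container "nfd-worker" must set securityContext.seccompProfile.type '
    'to "RuntimeDefault" or "Localhost")')

WARNING = re.compile(r'would violate PodSecurity "([^":]+):([^"]+)": (.*)$')
# Grouping chosen for this example; only check names that appear in the issue are listed.
CATEGORY = {
    "runAsNonRoot != true": "securityContext",
    "seccompProfile": "securityContext",
    "host namespaces": "host access",
    "hostPath volumes": "host access",
    "restricted volume types": "host access",
}

def split_top_level(body):
    """Split on commas that sit outside parentheses and double quotes."""
    parts, depth, quoted, start = [], 0, False, 0
    for i, ch in enumerate(body):
        if ch == '"':
            quoted = not quoted
        elif not quoted and ch in "()":
            depth += 1 if ch == "(" else -1
        elif ch == "," and depth == 0 and not quoted:
            parts.append(body[start:i].strip())
            start = i + 1
    return parts + [body[start:].strip()]

def parse_warning(line):
    """Return (level, [(check, category, detail), ...]) or None for other log lines."""
    m = WARNING.search(line)
    if not m:
        return None
    findings = []
    for item in split_top_level(m.group(3)):
        check, _, detail = item.partition(" (")
        detail = detail[:-1] if detail.endswith(")") else detail
        findings.append((check, CATEGORY.get(check, "other"), detail))
    return m.group(1), findings

def needs_host_access(line):
    """True when a securityContext change alone cannot clear the warning."""
    parsed = parse_warning(line)
    return bool(parsed) and any(cat == "host access" for _, cat, _ in parsed[1])
```

On these samples the nfd-master warning contains only securityContext checks, while the nfd-worker warning also carries host access checks (hostNetwork and hostPath volumes).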
- clones AUTH-222 Pod Security compliance: openshift-kube-descheduler-operator and its operand (Closed)