-
Bug
-
Resolution: Done-Errata
-
Normal
-
None
-
False
-
-
False
-
CLOSED
-
---
-
---
-
Storage Core Sprint 223, Storage Core Sprint 225, Storage Core Sprint 226
-
Medium
Description of problem:
cdi-deployment logs shows info-level log message related security context issue.
Version-Release number of selected component (if applicable):
4.11
How reproducible:
100%
Expected results:
Security context configuration prevents warning from occurring.
Additional info:
{"level":"info","ts":1652877234.7262948,"logger":"KubeAPIWarningLogger","msg":"would violate PodSecurity \"restricted:latest\": allowPrivilegeEscalation != false (container \"cdi-source-update-poller\" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container \"cdi-source-update-poller\" must set securityContext.capabilities.drop=[\"ALL\"]), runAsNonRoot != true (pod or container \"cdi-source-update-poller\" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container \"cdi-source-update-poller\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")"} {"level":"info","ts":1652877319.456313,"logger":"KubeAPIWarningLogger","msg":"would violate PodSecurity \"restricted:latest\": allowPrivilegeEscalation != false (containers \"init\", \"importer\", \"server\" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (containers \"init\", \"importer\", \"server\" must set securityContext.capabilities.drop=[\"ALL\"]), runAsNonRoot != true (pod or containers \"init\", \"importer\", \"server\" must set securityContext.runAsNonRoot=true), seccompProfile (pod or containers \"init\", \"importer\", \"server\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")"} {"level":"info","ts":1652878329.2959814,"logger":"KubeAPIWarningLogger","msg":"would violate PodSecurity \"restricted:latest\": allowPrivilegeEscalation != false (container \"importer\" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container \"importer\" must set securityContext.capabilities.drop=[\"ALL\"]), runAsNonRoot != true (pod or container \"importer\" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container \"importer\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")"}- external trackers
- links to
(1 external trackers, 1 links to)