OpenShift Virtualization / CNV-18496

[2088464] [CDI] cdi-deployment does not comply with restricted security context

    • Storage Core Sprint 223, Storage Core Sprint 225, Storage Core Sprint 226
    • Medium

      Description of problem:
      cdi-deployment logs show info-level log messages related to a security context issue.

      Version-Release number of selected component (if applicable):
      4.11

      How reproducible:
      100%

      Expected results:
      Security context configuration prevents warning from occurring.

      Additional info:

      {"level":"info","ts":1652877234.7262948,"logger":"KubeAPIWarningLogger","msg":"would violate PodSecurity \"restricted:latest\": allowPrivilegeEscalation != false (container \"cdi-source-update-poller\" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container \"cdi-source-update-poller\" must set securityContext.capabilities.drop=[\"ALL\"]), runAsNonRoot != true (pod or container \"cdi-source-update-poller\" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container \"cdi-source-update-poller\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")"}
      {"level":"info","ts":1652877319.456313,"logger":"KubeAPIWarningLogger","msg":"would violate PodSecurity \"restricted:latest\": allowPrivilegeEscalation != false (containers \"init\", \"importer\", \"server\" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (containers \"init\", \"importer\", \"server\" must set securityContext.capabilities.drop=[\"ALL\"]), runAsNonRoot != true (pod or containers \"init\", \"importer\", \"server\" must set securityContext.runAsNonRoot=true), seccompProfile (pod or containers \"init\", \"importer\", \"server\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")"}
      {"level":"info","ts":1652878329.2959814,"logger":"KubeAPIWarningLogger","msg":"would violate PodSecurity \"restricted:latest\": allowPrivilegeEscalation != false (container \"importer\" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container \"importer\" must set securityContext.capabilities.drop=[\"ALL\"]), runAsNonRoot != true (pod or container \"importer\" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container \"importer\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")"}

            rhn-support-awels Alexander Wels
            rhn-support-sbennert Sarah Bennert
            Yan Du Yan Du