Details
Story
Resolution: Done
Pipelines Sprint 221, Pipelines Sprint 222, Pipelines Sprint 223, Pipelines Sprint 224, Pipelines Sprint 225, Pipelines Sprint 226, Pipelines Sprint 227
Description
When we deploy the operator on OCP 4.11, it gives a warning for the deployment to make it run as restricted because of the new PSA thing.
There will also be a warning in the operator controller pod for the pipeline and triggers deployments.
The warning looks like:
```
Warning: would violate PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "openshift-pipelines-operator" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "openshift-pipelines-operator" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "openshift-pipelines-operator" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "openshift-pipelines-operator" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
deployment.apps/openshift-pipelines-operator created
Warning: would violate PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "tekton-operator-webhook" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "tekton-operator-webhook" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "tekton-operator-webhook" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "tekton-operator-webhook" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
```
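A Deployment fragment whose securityContext sets the four fields the warning names, as an added example (not the operator's actual manifest). The label and image reference are placeholders, and it assumes the image can run as a non-root user.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: openshift-pipelines-operator
spec:
  replicas: 1
  selector:
    matchLabels:
      app: openshift-pipelines-operator      # placeholder label
  template:
    metadata:
      labels:
        app: openshift-pipelines-operator    # placeholder label
    spec:
      # The warning accepts these two at "pod or container" level;
      # setting them on the pod covers every container in it.
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault               # "Localhost" is the other accepted value
      containers:
        - name: openshift-pipelines-operator
          image: registry.example.com/placeholder/operator:tag   # placeholder image
          # The warning requires these two on each container.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
```

The `tekton-operator-webhook` container in the second warning needs the same four settings.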