docker-sonarqube icon indicating copy to clipboard operation
docker-sonarqube copied to clipboard

Published 20 hours ago verified publisher icon SonarSource

root Group not compliant with Baseline PodSecurityStandard

Open dirsigler opened this issue 10 months ago • 1 comments

With these commits... ...for the Dockerfile: https://github.com/SonarSource/docker-sonarqube/commit/8e556d6ac42832b1e1049a442b6cf8e3583d6330 ...for the Helm Chart: https://github.com/SonarSource/helm-chart-sonarqube/commit/9b273fcccc8e4552110b4eda3288c2bfaaf13ac8

Sonarqube is no longer compliant with the Baseline PodSecurityStandard.

After a pending upgrade to sonarqube-10.5.0_2748 I face following issue:

create Pod sonarqube-sonarqube-0 in StatefulSet sonarqube-sonarqube failed error: pods "sonarqube-sonarqube-0" is forbidden: violates PodSecurity "baseline:latest": privileged (containers "init-sysctl", "concat-properties", "install-plugins" must not set securityContext.privileged=true)

To solve it I removed the enforced Baseline PSS for this deployments namespace, which is not really the happy path I would take as it worked before.

dirsigler avatar Apr 22 '24 06:04 dirsigler