cozystack icon indicating copy to clipboard operation
cozystack copied to clipboard
verified publisher icon aenix-io

Remove `would violate PodSecurity "restricted:latest"` warnings

Open kvaps opened this issue 1 year ago • 1 comments

We have to refactor all our apps to avoid such warnings:

Warning: would violate PodSecurity "restricted:latest": host namespaces (hostNetwork=true), allowPrivilegeEscalation != false (containers "cozystack", "darkhttpd" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (containers "cozystack", "darkhttpd" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or containers "cozystack", "darkhttpd" must set securityContext.runAsNonRoot=true), seccompProfile (pod or containers "cozystack", "darkhttpd" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")

kvaps avatar Jan 26 '24 13:01 kvaps

@kvaps How to reproduce this problem or how it occurs, where to look? If there is any evidence, it will be possible to investigate.

themoriarti avatar Jul 03 '24 10:07 themoriarti