psp-migration
runAsUser.rule = MustRunAsNonRoot doesn't work as expected
Is there an existing issue for this?
- [X] I have searched the existing issues
What happened?
A bug happened!
What policy engine(s) are you using?
- [X] Kyverno
- [X] Kubewarden
- [X] Gatekeeper
Input PSP
# https://github.com/kubernetes/website/blob/main/content/en/examples/policy/example-psp.yaml
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: example
spec:
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  runAsUser:
    rule: MustRunAsNonRoot
  fsGroup:
    rule: RunAsAny
  volumes:
    - '*'
Gatekeeper output
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sPSPAllowedUsers
metadata:
  name: psp-k8spspallowedusers-97934
spec:
  match:
    kinds:
      - apiGroups:
          - ""
        kinds:
          - Pod
  parameters:
    runAsUser:
      rule: MustRunAsNonRoot
Kubewarden output
apiVersion: policies.kubewarden.io/v1alpha2
kind: ClusterAdmissionPolicy
metadata:
  name: psp-usergroup-070cd
spec:
  module: registry://ghcr.io/kubewarden/policies/user-group-psp:v0.1.3
  rules:
    - apiGroups:
        - ""
      apiVersions:
        - v1
      resources:
        - pods
      operations:
        - CREATE
        - UPDATE
  mutating: false
  settings:
    run_as_user:
      rule: MustRunAsNonRoot
    supplemental_groups:
      rule: RunAsAny
Kyverno output
Cannot read properties of undefined (reading '0')
GIT
54f53bc5fe4d8d264ce15f202ef8e43ae01cff6e