
ping test job for cluster fails when complying with Kyverno policies

Open radhupr opened this issue 9 months ago • 0 comments

We have a restriction in our cluster on workload privileges. When a cluster is created, the ping test job (from templates/test/ping.yaml) is created automatically and is run with privileged access by default. I can patch the resource to comply with our Kyverno policies as below:

- op: add
  path: /spec/template/spec/securityContext
  value:
    runAsUser: 1000
    runAsNonRoot: true
    seccompProfile:
      type: RuntimeDefault

- op: add
  path: /spec/template/spec/containers/0/securityContext
  value:
    allowPrivilegeEscalation: false
    capabilities:
      drop:
        - ALL

But since the package download is done in the pod, it needs additional permission. Is there a way to disable running this ping test job or make it compliant? Couldn't find a way to do it in the chart options.

radhupr, Mar 24 '25 18:03
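A way to check what the two patch operations above actually cover, as an added example that is not part of the issue or the chart: it applies them to a Job and lists the hardening fields each container still lacks. `SAMPLE_JOB` is a constructed stand-in for the rendered ping test Job, the function names are hypothetical, and because the cluster's Kyverno policies are not shown on the page, only the fields the patch sets are checked.

```python
import copy

# The two JSON Patch "add" operations from the issue, as Python data.
PATCH = [
    {"op": "add", "path": "/spec/template/spec/securityContext",
     "value": {"runAsUser": 1000, "runAsNonRoot": True,
               "seccompProfile": {"type": "RuntimeDefault"}}},
    {"op": "add", "path": "/spec/template/spec/containers/0/securityContext",
     "value": {"allowPrivilegeEscalation": False,
               "capabilities": {"drop": ["ALL"]}}},
]

# Constructed stand-in for the rendered ping test Job, not the chart's template.
SAMPLE_JOB = {"kind": "Job", "spec": {"template": {"spec": {
    "restartPolicy": "Never",
    "containers": [{"name": "ping", "image": "registry.example/ping:placeholder"}],
}}}}

def apply_add_ops(doc, ops):
    """Apply 'add' ops whose target is an object member (no ~0/~1 escapes)."""
    doc = copy.deepcopy(doc)
    for op in ops:
        *parents, last = op["path"].lstrip("/").split("/")
        node = doc
        for key in parents:
            node = node[int(key)] if isinstance(node, list) else node[key]
        node[last] = op["value"]
    return doc

def violations(job):
    """List the hardening settings from the patch that a container still lacks."""
    pod = job["spec"]["template"]["spec"]
    pod_sc = pod.get("securityContext", {})
    found = []
    for c in pod.get("containers", []) + pod.get("initContainers", []):
        sc = c.get("securityContext", {})
        # runAsNonRoot and seccompProfile fall back to the pod-level context.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            found.append(f"{c['name']}: runAsNonRoot")
        seccomp = sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}
        if seccomp.get("type") not in ("RuntimeDefault", "Localhost"):
            found.append(f"{c['name']}: seccompProfile")
        # These two exist only at container level, so each container needs them.
        if sc.get("allowPrivilegeEscalation") is not False:
            found.append(f"{c['name']}: allowPrivilegeEscalation")
        if "ALL" not in sc.get("capabilities", {}).get("drop", []):
            found.append(f"{c['name']}: capabilities.drop")
    return found
```

Because the second operation targets `containers/0` only, any additional container or init container in the Job would still be reported for `allowPrivilegeEscalation` and `capabilities.drop` after patching.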