zarf icon indicating copy to clipboard operation
zarf copied to clipboard

Published 20 hours ago verified publisher icon defenseunicorns

ZARF removes namespace labels pertaining to pod security when using --adopt-existing-resources

Open Ansible-man opened this issue 9 months ago • 1 comments

Environment

Device and OS: App version: 0.33.1 Kubernetes distro being used: rke2 1.28.9 Other:

Steps to reproduce

  1. Create a namespace with the labels required to allow a pod to have privileges when restricted pod security context is enabled per CIS benchmark
  2. Deploy an app (in our case mattermost-team-edition) via helm to that namespace
  3. Create a zarf package for the app and deploy it with --adopt-existing-resources
  4. The pods will not be scheduled due to security context violations and the labels will have been removed from the namespace

Expected result

The existing labels that do not interfere with ZARF remain

Actual Result

Existing labels pertaining to pod security are removed

Visual Proof (screenshots, videos, text, etc)

Severity/Priority

Additional Context

Add any other context or screenshots about the technical debt here.

Ansible-man avatar May 09 '24 20:05 Ansible-man

Confirmed this is a bug, thanks!

AustinAbro321 avatar May 10 '24 14:05 AustinAbro321