Violates PodSecurity "restricted:latest" #1826

Open
3 tasks done
oukaja opened this issue Apr 15, 2024 · 1 comment

@oukaja

oukaja commented Apr 15, 2024

Please confirm the following

  • I agree to follow this project's code of conduct.
  • I have checked the current issues for duplicates.
  • I understand that the AWX Operator is open source software provided for free and that I might not receive a timely response.

Bug Summary

I'm trying to deploy AWX 2.13.1 on a Kubernetes cluster, v1.26.9.
I set this in my AWX YAML file for the security context:

```yaml
task_privileged: false

security_context_settings:
  runAsNonRoot: true
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - "ALL"
```

but I have this error on deployments:
Pods "awx-test-1-task-6d9c67f6cb-wb2f7" is forbidden: violates PodSecurity "restricted:latest": allowPrivilegeEscalation != false (containers "init-database", "init-receptor", "redis", "awx-test-1-task", "awx-test-1-ee", "awx-test-1-rsyslog" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (containers "init-database", "init-receptor", "redis", "awx-test-1-task", "awx-test-1-ee", "awx-test-1-rsyslog" must set securityContext.capabilities.drop=["ALL"]), seccompProfile (pod or containers "init-database", "init-receptor", "redis", "awx-test-1-task", "awx-test-1-ee", "awx-test-1-rsyslog" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost"):Deployment does not have minimum availability.

AWX Operator version

2.13.1

AWX version

24.0.0

Kubernetes platform

kubernetes

Kubernetes/Platform version

1.26

Modifications

no

Steps to reproduce

deploying AWX on k8s cluster with security context

Expected results

pods running with no errors

Actual results

Pods "awx-test-1-task-6d9c67f6cb-wb2f7" is forbidden: violates PodSecurity "restricted:latest": allowPrivilegeEscalation != false (containers "init-database", "init-receptor", "redis", "awx-test-1-task", "awx-test-1-ee", "awx-test-1-rsyslog" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (containers "init-database", "init-receptor", "redis", "awx-test-1-task", "awx-test-1-ee", "awx-test-1-rsyslog" must set securityContext.capabilities.drop=["ALL"]), seccompProfile (pod or containers "init-database", "init-receptor", "redis", "awx-test-1-task", "awx-test-1-ee", "awx-test-1-rsyslog" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost"):Deployment does not have minimum availability.

Additional information

No response

Operator Logs

No response

@jessicamack
Member

@rooftopcellist are the values above for runAsNonRoot and allowPrivilegeEscalation compatible with AWX?
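
The error in the issue above names three checks for every container, init containers included. The following is an added example, not part of the original thread and not AWX Operator code: a small checker that applies only those three checks (not the whole restricted profile) to a pod spec given as a Python dict. The helper names, the sample pod and the subset of container names are constructed for illustration.

```python
ALLOWED_SECCOMP = {"RuntimeDefault", "Localhost"}

def restricted_violations(pod_spec):
    """Return {container_name: [failed checks]} for the three checks in the error."""
    pod_sc = pod_spec.get("securityContext") or {}
    pod_seccomp = (pod_sc.get("seccompProfile") or {}).get("type")
    violations = {}
    # The error lists init containers too, so both lists are checked.
    containers = (pod_spec.get("initContainers") or []) + (pod_spec.get("containers") or [])
    for c in containers:
        sc = c.get("securityContext") or {}
        failed = []
        # These two fields exist only at container level; nothing is inherited.
        if sc.get("allowPrivilegeEscalation") is not False:
            failed.append("allowPrivilegeEscalation != false")
        if "ALL" not in ((sc.get("capabilities") or {}).get("drop") or []):
            failed.append("unrestricted capabilities")
        # seccompProfile may come from the pod; a container-level value overrides it.
        seccomp = (sc.get("seccompProfile") or {}).get("type", pod_seccomp)
        if seccomp not in ALLOWED_SECCOMP:
            failed.append("seccompProfile")
        if failed:
            violations[c["name"]] = failed
    return violations

# Constructed sample data: the settings quoted in the issue, and a subset of
# the container names that appear in the error message.
ISSUE_SC = {"runAsNonRoot": True, "allowPrivilegeEscalation": False,
            "capabilities": {"drop": ["ALL"]}}
NAMES = ["init-database", "redis", "awx-test-1-task"]

def sample_pod(container_sc, pod_sc=None):
    """Build a constructed pod spec with the same securityContext on every container."""
    return {
        "securityContext": pod_sc or {},
        "initContainers": [{"name": NAMES[0], "securityContext": dict(container_sc)}],
        "containers": [{"name": n, "securityContext": dict(container_sc)} for n in NAMES[1:]],
    }

if __name__ == "__main__":
    pod_seccomp = {"seccompProfile": {"type": "RuntimeDefault"}}
    for label, pod in [("no securityContext", sample_pod({})),
                       ("issue settings on each container", sample_pod(ISSUE_SC)),
                       ("issue settings + pod-level seccomp", sample_pod(ISSUE_SC, pod_seccomp))]:
        print(label, "->", restricted_violations(pod))
```

With the issue's settings present on each container, only the `seccompProfile` check remains, because the posted settings do not include a seccomp profile.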
