-
Notifications
You must be signed in to change notification settings - Fork 157
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Helm install fails in PSS restricted clusters because of hardcoded securityContext values #599
Comments
Thank you for your contribution! This issue has been automatically marked as |
+1 facing the same issue right now |
Thank you for your contribution! This issue has been automatically marked as |
What happened:
i wanted to deploy kubeclarity via Helm on a PSS (restriced mode) secured cluster
What you expected to happen:
that the helm chart gives the oportunity to set seccompProfiles
How to reproduce it (as minimally and precisely as possible):
create cluster with PSS and try install kubeclarify in a restricted namespace
Are there any error messages in KubeClarity logs?
no
Anything else we need to know?:
pods "kubeclarity-kubeclarity-grype-server-59f88f8f8d-x8mzb" is forbidden: violates PodSecurity "restricted:latest": seccompProfile (pod or container "grype-server" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
The Problem can easily be solved by not hardcoding the securityContext and allow a manual override in the Helm Chart
Environment:
kubectl version --short
): 1.26helm version
): 3.13.2kubectl -n kubeclarity exec deploy/kubeclarity -- ./backend version
): 2.23.1helm -n kubeclarity list
): 2.23.1The text was updated successfully, but these errors were encountered: