1Password / connect-helm-charts

Official 1Password Helm Charts
https://developer.1password.com
MIT License

Pod Security Admission warnings #192

Open mrclrchtr opened 7 months ago

mrclrchtr commented 7 months ago

When I deploy connect with helm, I get the following warnings with Pod Security Admission enabled:

Warning: would violate PodSecurity "restricted:latest": unrestricted capabilities (containers "connect-api", "connect-sync" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or containers "connect-api", "connect-sync" must set securityContext.runAsNonRoot=true), seccompProfile (pod or containers "connect-api", "connect-sync" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")

Warning: would violate PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "curl" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "curl" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "curl" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "curl" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")

It would be very good to fix these security warnings.
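
The four checks named in the warnings above, as an added example that is not part of the original issue or the chart's own code: a small Python check run over pod specs held as plain dicts, with the failing form beside a hardened one. The container names come from the warnings; the specs themselves are constructed assumptions, not the chart's templates, and only these four checks of the restricted profile are covered.

```python
# Added example: the four "restricted" checks named in the warnings, applied to
# a pod spec held as a plain dict. All sample specs below are constructed.
ALLOWED_SECCOMP = ("RuntimeDefault", "Localhost")

def restricted_violations(pod_spec):
    """Map container name -> list of failed checks (same labels as the warnings)."""
    pod_sc = pod_spec.get("securityContext") or {}
    failures = {}
    containers = pod_spec.get("initContainers", []) + pod_spec.get("containers", [])
    for c in containers:
        sc = c.get("securityContext") or {}
        failed = []
        # Container-level only: there is no pod-level fallback for these two.
        if sc.get("allowPrivilegeEscalation") is not False:
            failed.append("allowPrivilegeEscalation != false")
        if "ALL" not in ((sc.get("capabilities") or {}).get("drop") or []):
            failed.append("unrestricted capabilities")
        # May be set on the pod and inherited; a container value overrides it.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            failed.append("runAsNonRoot != true")
        seccomp = sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}
        if seccomp.get("type") not in ALLOWED_SECCOMP:
            failed.append("seccompProfile")
        if failed:
            failures[c["name"]] = failed
    return failures

# Constructed "before" specs shaped to reproduce the two warnings.
CONNECT_BEFORE = {"containers": [
    {"name": "connect-api", "securityContext": {"allowPrivilegeEscalation": False}},
    {"name": "connect-sync", "securityContext": {"allowPrivilegeEscalation": False}},
]}
CURL_BEFORE = {"containers": [{"name": "curl"}]}

# Constructed "after": a securityContext that sets every field the warnings ask for.
HARDENED = {
    "allowPrivilegeEscalation": False,
    "capabilities": {"drop": ["ALL"]},
    "runAsNonRoot": True,
    "seccompProfile": {"type": "RuntimeDefault"},
}
CONNECT_AFTER = {"containers": [
    {"name": n, "securityContext": HARDENED} for n in ("connect-api", "connect-sync")
]}

if __name__ == "__main__":
    for label, spec in (("connect before", CONNECT_BEFORE),
                        ("curl before", CURL_BEFORE), ("connect after", CONNECT_AFTER)):
        print(label, restricted_violations(spec))
```

With `runAsNonRoot: true` the kubelet refuses to start a container whose image runs as UID 0, so the hardened context only works if the images run as a non-root user.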