CrunchyData / postgres-operator-examples

Examples for deploying applications with PGO, the Postgres Operator from Crunchy Data
https://access.crunchydata.com/documentation/postgres-operator/v5/
Apache License 2.0
187 stars 4.63k forks

podSecurity doesn't include seccompProfile #248

Closed camaeel closed 3 months ago

camaeel commented 8 months ago

In order to fulfill the restricted PodSecurity policy requirements, the Helm chart should add the following as a default at the pod or container level:

seccompProfile:
  type: "RuntimeDefault"

andrewlecuyer commented 7 months ago

Hi @camaeel, thanks for the feedback. I agree this would be a great addition to the Crunchy Postgres for Kubernetes (CPK) installers.

I can also confirm that we have a story in the CPK backlog to look at this change. Additionally, PRs are always welcome!

And finally, I will note that any update will also need to consider how this setting is handled by OpenShift Security Context Constraints (SCCs).

Thanks again!

benjaminjb commented 3 months ago

Hi @camaeel,

As of our latest release (v5.6.0), SeccompProfile is now set to RuntimeDefault in all Pods. Please see the following documentation for more information:

I'm going to close this issue now, but if you have any issues or questions feel free to re-open this issue or reach out to us on our Discord server.
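
A check for the seccomp requirement discussed in this thread, added here as an example and not taken from the PGO Helm chart or operator code. It assumes a pod spec already parsed into a Python dict and that the restricted Pod Security Standard accepts only `RuntimeDefault` or `Localhost`, set at pod level or on every container; the function names and sample specs are constructed for illustration.

```python
# Added example: simplified check of the seccomp rule in the "restricted"
# Pod Security Standard. Assumption: allowed types are RuntimeDefault/Localhost.
ALLOWED = {"RuntimeDefault", "Localhost"}
CONTAINER_FIELDS = ("initContainers", "containers", "ephemeralContainers")


def _profile_type(security_context):
    """Return seccompProfile.type from a securityContext dict, or None if unset."""
    return ((security_context or {}).get("seccompProfile") or {}).get("type")


def seccomp_violations(pod_spec):
    """Return a list of human-readable violations for one pod spec dict."""
    violations = []
    pod_type = _profile_type(pod_spec.get("securityContext"))
    if pod_type is not None and pod_type not in ALLOWED:
        violations.append(f"pod: seccompProfile.type={pod_type} is not allowed")
    for field in CONTAINER_FIELDS:
        for container in pod_spec.get(field) or []:
            name = container.get("name", "<unnamed>")
            ctype = _profile_type(container.get("securityContext"))
            if ctype is None:
                # An unset container inherits the pod-level profile, so it is
                # only a problem when the pod level is unset as well.
                if pod_type is None:
                    violations.append(f"{field}/{name}: seccompProfile not set")
            elif ctype not in ALLOWED:
                violations.append(f"{field}/{name}: seccompProfile.type={ctype} is not allowed")
    return violations


# Constructed sample specs (not real PGO output).
NO_PROFILE = {"containers": [{"name": "database"}]}  # the case this issue reports
POD_LEVEL = {
    "securityContext": {"seccompProfile": {"type": "RuntimeDefault"}},
    "initContainers": [{"name": "init"}],
    "containers": [{"name": "database"}],
}
CONTAINER_OVERRIDE = {
    "securityContext": {"seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [
        {"name": "database"},
        {"name": "sidecar",
         "securityContext": {"seccompProfile": {"type": "Unconfined"}}},
    ],
}

if __name__ == "__main__":
    for label, spec in [("no profile", NO_PROFILE), ("pod level", POD_LEVEL),
                        ("override", CONTAINER_OVERRIDE)]:
        print(label, seccomp_violations(spec) or "ok")
```

The third sample shows why a pod-level default alone is not sufficient evidence: a container-level `securityContext` can still override it.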