Violates PodSecurity "restricted:latest"

[oukaja]

Please confirm the following

• [X] I agree to follow this project's code of conduct.
• [X] I have checked the current issues for duplicates.
• [X] I understand that the AWX Operator is open source software provided for free and that I might not receive a timely response.

Bug Summary

I'm trying to deploy AWX 2.13.1 on kubernetes cluster v1.26.9 I set this for my AWX yaml file for security context ` task_privileged: false

security_context_settings: runAsNonRoot: true allowPrivilegeEscalation: false capabilities: drop:

• "ALL" ` but I have this error on deployments Pods "awx-test-1-task-6d9c67f6cb-wb2f7" is forbidden: violates PodSecurity "restricted:latest": allowPrivilegeEscalation != false (containers "init-database", "init-receptor", "redis", "awx-test-1-task", "awx-test-1-ee", "awx-test-1-rsyslog" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (containers "init-database", "init-receptor", "redis", "awx-test-1-task", "awx-test-1-ee", "awx-test-1-rsyslog" must set securityContext.capabilities.drop=["ALL"]), seccompProfile (pod or containers "init-database", "init-receptor", "redis", "awx-test-1-task", "awx-test-1-ee", "awx-test-1-rsyslog" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost"):Deployment does not have minimum availability.

AWX Operator version

2.13.1

AWX version

24.0.0

Kubernetes platform

kubernetes

Kubernetes/Platform version

1.26

Modifications

no

Steps to reproduce

deploying AWX on k8s cluster with security context

Expected results

pods running with no errors

Actual results

Pods "awx-test-1-task-6d9c67f6cb-wb2f7" is forbidden: violates PodSecurity "restricted:latest": allowPrivilegeEscalation != false (containers "init-database", "init-receptor", "redis", "awx-test-1-task", "awx-test-1-ee", "awx-test-1-rsyslog" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (containers "init-database", "init-receptor", "redis", "awx-test-1-task", "awx-test-1-ee", "awx-test-1-rsyslog" must set securityContext.capabilities.drop=["ALL"]), seccompProfile (pod or containers "init-database", "init-receptor", "redis", "awx-test-1-task", "awx-test-1-ee", "awx-test-1-rsyslog" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost"):Deployment does not have minimum availability.

Additional information

No response

Operator Logs

No response

[jessicamack]

@rooftopcellist are the values above for runAsNonRoot and allowPrivilegeEscalation compatible with AWX?