search

aquasecurity / postee

Notice: Postee is no longer under active development or maintenance.
https://aquasecurity.github.io/postee/latest
MIT License
206 stars 68 forks source link

Permission issues on EKS #464

Open simar7 opened 1 year ago

simar7 commented 1 year ago

Description

A user reported permission issues when running on EKS. See screenshot below for details.

What did you expect to happen?

No permission issues

What happened instead?

image

Output of run with POSTEE_DEBUG=true:

No response

Additional details (environment setup, networking info...):

EKS cluster 1.20 version Deployed using helm chart with FluxCD 0.33.0

grglzrv commented 1 year ago

Fixed by adding podSecurityContext: fsGroup: 1099 It should be activated by default https://github.com/aquasecurity/postee/blob/main/deploy/helm/postee/values.yaml#L37-L46

    podSecurityContext:
      fsGroup: 1099
    securityContext:
      runAsUser: 1099
      runAsGroup: 1099
image
simar7 commented 1 year ago

Fixed by adding podSecurityContext: fsGroup: 1099 It should be activated by default https://github.com/aquasecurity/postee/blob/main/deploy/helm/postee/values.yaml#L37-L46

    podSecurityContext:
      fsGroup: 1099
    securityContext:
      runAsUser: 1099
      runAsGroup: 1099
image

thanks for looking into this @grglzrv - are you suggesting the values should be set to default as the following?

    podSecurityContext:
      fsGroup: 1099
    securityContext:
      runAsUser: 1099
      runAsGroup: 1099
grglzrv commented 1 year ago

yes