Expected Behavior
Ref #69 solved by @sagikazarmark in #149. It seems like only the UUID issue was resolved? Not the extended capabilities introduced in 1.15.2.
Actual Behavior
Not able to fetch secrets from vault due to capabilities being added by default.
35s Warning FailedCreate replicaset/test-deployment-init-seccontext-6bf988cf8d Error creating: pods "test-deployment-init-seccontext-6bf988cf8d-" is forbidden: unable to validate against any security context constraint: [provider "anyuid": Forbidden: not usable by user or serviceaccount, provider restricted-v2: .initContainers[0].capabilities.add: Invalid value: "CHOWN": capability may not be added, provider restricted-v2: .initContainers[0].capabilities.add: Invalid value: "SETFCAP": capability may not be added, provider restricted-v2: .initContainers[0].capabilities.add: Invalid value: "SETGID": capability may not be added, provider restricted-v2: .initContainers[0].capabilities.add: Invalid value: "SETPCAP": capability may not be added, provider restricted-v2: .initContainers[0].capabilities.add: Invalid value: "SETUID": capability may not be added.
Steps To Reproduce
Try to fetch secrets from vault using vault-secrets-webhook with version < 1.15.2 on Openshift
Preflight Checklist
Vault Secrets Webhook Version
1.21.0
Installation Type
Official Helm chart
Bank-Vaults Version
No response
Kubernetes Version
1.25.16
Kubernetes Distribution/Provisioner
Openshift (4.12.46)
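Added example, not part of the original report or the project's code: it parses the SCC rejection event quoted above, groups the refused capabilities by provider and container path, and resolves each path against a pod spec to name the container that requested them. The pod spec and the container name `injected-init` are constructed for illustration.

```python
import re
from collections import defaultdict

CAPS = ("CHOWN", "SETFCAP", "SETGID", "SETPCAP", "SETUID")
# Event text rebuilt from the FailedCreate warning quoted in the report.
EVENT = (
    'Error creating: pods "test-deployment-init-seccontext-6bf988cf8d-" is forbidden: '
    'unable to validate against any security context constraint: '
    '[provider "anyuid": Forbidden: not usable by user or serviceaccount, '
    + ", ".join(
        'provider restricted-v2: .initContainers[0].capabilities.add: '
        f'Invalid value: "{cap}": capability may not be added' for cap in CAPS)
)
# Constructed pod spec; the container name "injected-init" is hypothetical.
POD_SPEC = {"initContainers": [{
    "name": "injected-init",
    "securityContext": {"capabilities": {"add": list(CAPS)}},
}]}

UNUSABLE = re.compile(
    r'provider "?([\w.-]+)"?: Forbidden: not usable by user or serviceaccount')
DENIED = re.compile(
    r'provider "?([\w.-]+)"?: (\.\w+\[\d+\])\.capabilities\.add: '
    r'Invalid value: "([A-Z_]+)": capability may not be added')
PATH = re.compile(r'\.(\w+)\[(\d+)\]')

def parse_scc_denial(message):
    """Split the event into SCCs the account cannot use and refused capabilities."""
    denied = defaultdict(list)
    for provider, path, cap in DENIED.findall(message):
        if cap not in denied[(provider, path)]:
            denied[(provider, path)].append(cap)
    return {"unusable": UNUSABLE.findall(message), "denied": dict(denied)}

def rejected_adds(pod_spec, message):
    """Map container name -> capabilities in its spec that an SCC refused."""
    result = {}
    for (_provider, path), caps in parse_scc_denial(message)["denied"].items():
        field, index = PATH.fullmatch(path).groups()
        containers = pod_spec.get(field, [])
        if int(index) >= len(containers):
            continue  # event refers to a container this spec does not have
        c = containers[int(index)]
        added = c.get("securityContext", {}).get("capabilities", {}).get("add", [])
        result[c["name"]] = sorted(set(added) & set(caps))
    return result

if __name__ == "__main__":
    print(parse_scc_denial(EVENT))
    print(rejected_adds(POD_SPEC, EVENT))
```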