cruise-automation / k-rail

Kubernetes security tool for policy enforcement
Apache License 2.0

"runAsNonRoot: true" should be in Pod and Container SecurityContexts #129

Open hikkyXII opened 2 years ago

hikkyXII commented 2 years ago

Hello! The K-Rail policy "No Root User" allows me to run a Pod only if `runAsNonRoot: true` is specified in the Pod's AND the Container's `securityContext` at the same time. Is this the correct behavior, or should I be able to run a pod ONLY with `runAsNonRoot: true` in the PodSecurityContext? Thanks in advance.
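The distinction behind this question is how Kubernetes resolves the two levels: a container-level `securityContext` field overrides the pod-level one, so a pod with `runAsNonRoot: true` only in the PodSecurityContext still runs every container as non-root unless a container explicitly overrides it. The following is an added example (not k-rail's code) that computes the effective setting per container using that precedence and contrasts it with a stricter "both levels must be set" rule like the behaviour described above; the pod spec, function names and image names are constructed for illustration.

```python
"""Effective runAsNonRoot per container, following Kubernetes precedence.

Added example, not k-rail code. Kubernetes applies a container-level
securityContext field over the pod-level one when both are set, so the
kubelet enforces the *effective* value computed here.
"""
from typing import Optional


def effective_run_as_non_root(pod_spec: dict, container: dict) -> Optional[bool]:
    """Return the runAsNonRoot value the kubelet would enforce for `container`.

    The container-level setting wins; otherwise the pod-level one applies.
    None means neither level set it (root is then permitted).
    """
    ctr_ctx = container.get("securityContext") or {}
    if "runAsNonRoot" in ctr_ctx:
        return ctr_ctx["runAsNonRoot"]
    return (pod_spec.get("securityContext") or {}).get("runAsNonRoot")


def _all_containers(pod_spec: dict) -> list:
    return pod_spec.get("initContainers", []) + pod_spec.get("containers", [])


def violations_precedence_aware(pod_spec: dict) -> list:
    """Names of containers whose effective runAsNonRoot is not True."""
    return [c["name"] for c in _all_containers(pod_spec)
            if effective_run_as_non_root(pod_spec, c) is not True]


def violations_both_levels(pod_spec: dict) -> list:
    """Names of containers rejected by a stricter rule that demands
    runAsNonRoot: true at BOTH pod and container level (the behaviour the
    issue reports), even though Kubernetes itself would not require that."""
    pod_ok = (pod_spec.get("securityContext") or {}).get("runAsNonRoot") is True
    return [c["name"] for c in _all_containers(pod_spec)
            if not (pod_ok and (c.get("securityContext") or {}).get("runAsNonRoot") is True)]


# Constructed sample: pod-level runAsNonRoot only; the sidecar overrides it.
SAMPLE_POD_SPEC = {
    "securityContext": {"runAsNonRoot": True},
    "containers": [
        {"name": "app", "image": "example/app:1.0"},
        {"name": "sidecar", "image": "example/sidecar:1.0",
         "securityContext": {"runAsNonRoot": False}},
    ],
}

if __name__ == "__main__":
    print(violations_precedence_aware(SAMPLE_POD_SPEC))  # ['sidecar']
    print(violations_both_levels(SAMPLE_POD_SPEC))       # ['app', 'sidecar']
```

The precedence-aware check flags only the sidecar that explicitly re-enables root, while the stricter rule also rejects the `app` container that inherits the pod-level setting.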

empinator commented 2 years ago

@hikkyXII Did you resolve your problem? I am facing a similar issue.

hikkyXII commented 2 years ago

No. You need to edit the rules code for that. But as this project seems abandoned, we are going to move to another admission controller.

empinator commented 2 years ago

Thanks for your reply. It seems like you are right. Too bad, since I liked the simplicity. Is there any admission controller you are favouring? Istio, OPA, Gatekeeper, Kyverno, ...?

hikkyXII commented 2 years ago

I have no experience with them yet, but: Istio is for network operations. OPA and Gatekeeper work together; we are going to evaluate this one, the only one I have heard of several times. Kyverno: never heard of it.

mark-adams commented 1 year ago

👋 The k-rail project has been deprecated and is no longer under active development. We recommend taking a look at OPA Gatekeeper to see if it might meet your needs going forward.

Thanks for your contribution(s) to the project!