eclipse-tractusx / tractusx-edc

Apache License 2.0

Update Helm chart psql to at least v12.1.13 #677

Closed fty4 closed 1 year ago

fty4 commented 1 year ago

Describe the bug

Currently the Helm chart is using postgresql in version 12.1.6:

https://github.com/eclipse-tractusx/tractusx-edc/blob/968bb28b149784ecf8c3e9ab0f55b949af919df0/charts/tractusx-connector/Chart.yaml#L59-L64

This version will fail to run the kyverno policy require-run-as-nonroot.yaml check.

Background here is that an empty initContainers: element will be created. This is a bug from bitnami/postgresql Helm chart which was solved in bitnami/charts#14602. With this bug kyverno will detect a problem when checking the chart (error message in code block below).

To Reproduce

Run kyverno with the mentioned policy and see error (executed through eclipse-tractusx/e2e-testing):

```
policy require-run-as-nonroot -> resource edc/StatefulSet/chart-consumer-postgresql failed:
1. autogen-run-as-non-root: validation error: Running as root is not allowed. Either the field spec.securityContext.runAsNonRoot must be set to `true`, or the fields spec.containers[*].securityContext.runAsNonRoot, spec.initContainers[*].securityContext.runAsNonRoot, and spec.ephemeralContainers[*].securityContext.runAsNonRoot must be set to `true`. rule autogen-run-as-non-root[0] failed at path /spec/template/spec/initContainers/ rule autogen-run-as-non-root[1] failed at path /spec/template/spec/initContainers/

policy require-run-as-nonroot -> resource edc/StatefulSet/chart-provider-postgresql failed:
1. autogen-run-as-non-root: validation error: Running as root is not allowed. Either the field spec.securityContext.runAsNonRoot must be set to `true`, or the fields spec.containers[*].securityContext.runAsNonRoot, spec.initContainers[*].securityContext.runAsNonRoot, and spec.ephemeralContainers[*].securityContext.runAsNonRoot must be set to `true`. rule autogen-run-as-non-root[0] failed at path /spec/template/spec/initContainers/ rule autogen-run-as-non-root[1] failed at path /spec/template/spec/initContainers/
```

Expected behavior

No run-as-non-root error should occur.

Possible Implementation

To fix this problem only an update is required to at least bitnami/postgresql 12.1.13 - or latest version (currently 12.7.1).

If you want I can raise a PR for this.
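A pre-check for the condition reported above, added here as an example and not part of the original issue or of the tractusx-edc or Kyverno code: it flags a pod spec whose `initContainers` key is present but empty, and applies the run-as-non-root rule as worded in the error message. It assumes the rendered manifests have already been parsed into Python dicts; the function names and the sample manifest are hypothetical.

```python
import copy

# Pod-spec fields named in the Kyverno error message quoted in the issue.
CONTAINER_FIELDS = ("containers", "initContainers", "ephemeralContainers")


def pod_spec(resource):
    """Return the pod spec of a Pod, CronJob or spec.template workload."""
    spec = resource.get("spec") or {}
    if resource.get("kind") == "Pod":
        return spec
    if resource.get("kind") == "CronJob":
        spec = (spec.get("jobTemplate") or {}).get("spec") or {}
    return (spec.get("template") or {}).get("spec") or {}


def check_run_as_non_root(resource):
    """List findings; an empty list means the resource passes this pre-check."""
    spec = pod_spec(resource)
    name = f"{resource.get('kind')}/{(resource.get('metadata') or {}).get('name')}"
    findings = []
    # Condition from the issue: key rendered without a value (None once parsed).
    for field in CONTAINER_FIELDS:
        if field in spec and not spec[field]:
            findings.append(f"{name}: {field} is present but empty")
    # Rule as worded in the error message: pod-level true, or every container true.
    if (spec.get("securityContext") or {}).get("runAsNonRoot") is not True:
        for field in CONTAINER_FIELDS:
            for c in spec.get(field) or []:
                if (c.get("securityContext") or {}).get("runAsNonRoot") is not True:
                    findings.append(f"{name}: {field}/{c.get('name')} lacks runAsNonRoot")
    return findings


# Constructed sample, not real chart output: the parsed form of a manifest
# with a bare "initContainers:" line, and the same manifest without that key.
BROKEN = {
    "kind": "StatefulSet",
    "metadata": {"name": "example-postgresql"},
    "spec": {"template": {"spec": {
        "initContainers": None,
        "containers": [{"name": "postgresql",
                        "securityContext": {"runAsNonRoot": True}}],
    }}},
}
FIXED = copy.deepcopy(BROKEN)
del FIXED["spec"]["template"]["spec"]["initContainers"]

if __name__ == "__main__":
    print([check_run_as_non_root(r) for r in (BROKEN, FIXED)])
```
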

paullatzelsperger commented 1 year ago

From an EDC perspective, this is not a bug. I replaced the label.