Is your feature request related to a problem? Please describe.
When running pods with the following securityContext:
securityContext:
allowPrivilegeEscalation: false
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
The final proxy pod with image lpkremoteagent:0.1.6 does not run but only gives the following error:
Failed to create CoreCLR, HRESULT: 0x800040
Describe the solution you'd like
Either the proxy image/pod adheres to the securityContext policy or strip the securityContext from the "cloned"pod manifest before running it. We can whitelist the cloned pods to run.
Describe alternatives you've considered
Currently we are unable to use B2K as it requires alot of compromise to our security policy. We are using Azure policy in our AKS cluster.
Additional context
We would appreciate it if you can consolidate the labels being used in the different proxy pods. It would be easier to whitelist B2K pods. Right now its 4 differents labels:
routing.visualstudio.io/component
mindaro.io/component
routing.visualstudio.io/generated
routing.visualstudio.io/route-from
Is your feature request related to a problem? Please describe. When running pods with the following securityContext: securityContext: allowPrivilegeEscalation: false privileged: false readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 The final proxy pod with image lpkremoteagent:0.1.6 does not run but only gives the following error: Failed to create CoreCLR, HRESULT: 0x800040
Describe the solution you'd like Either the proxy image/pod adheres to the securityContext policy or strip the securityContext from the "cloned"pod manifest before running it. We can whitelist the cloned pods to run.
Describe alternatives you've considered Currently we are unable to use B2K as it requires alot of compromise to our security policy. We are using Azure policy in our AKS cluster.
Additional context We would appreciate it if you can consolidate the labels being used in the different proxy pods. It would be easier to whitelist B2K pods. Right now its 4 differents labels: routing.visualstudio.io/component mindaro.io/component routing.visualstudio.io/generated routing.visualstudio.io/route-from