microsoft / mindaro

Bridge to Kubernetes - for Visual Studio and Visual Studio Code
MIT License

Support for pods running with Security Context #160

Open Retna-Gjensidige opened 3 years ago

Retna-Gjensidige commented 3 years ago

Is your feature request related to a problem? Please describe.

When running pods with the following securityContext:

    securityContext:
      allowPrivilegeEscalation: false
      privileged: false
      readOnlyRootFilesystem: true
      runAsNonRoot: true
      runAsUser: 1000

The final proxy pod with image lpkremoteagent:0.1.6 does not run but only gives the following error:

    Failed to create CoreCLR, HRESULT: 0x800040

Describe the solution you'd like

Either the proxy image/pod adheres to the securityContext policy or strip the securityContext from the "cloned" pod manifest before running it. We can whitelist the cloned pods to run.

Describe alternatives you've considered

Currently we are unable to use B2K as it requires a lot of compromise to our security policy. We are using Azure Policy in our AKS cluster.

Additional context

We would appreciate it if you can consolidate the labels being used in the different proxy pods. It would be easier to whitelist B2K pods. Right now it's 4 different labels:

    routing.visualstudio.io/component
    mindaro.io/component
    routing.visualstudio.io/generated
    routing.visualstudio.io/route-from
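
An added example, not part of the original issue or of the Bridge to Kubernetes project: a Python audit that finds pods carrying any of the four label keys listed above and reports which of the issue's securityContext settings each container lacks, which is what a policy exemption for those pods would be waiving. The pod dicts mimic items from `kubectl get pods -o json`; the pod names, label values and function names are constructed for illustration.

```python
# The four label keys the issue lists for Bridge to Kubernetes proxy pods.
B2K_LABEL_KEYS = (
    "routing.visualstudio.io/component",
    "mindaro.io/component",
    "routing.visualstudio.io/generated",
    "routing.visualstudio.io/route-from",
)
# Boolean securityContext settings from the issue (runAsUser is site-specific, so omitted).
REQUIRED = {"allowPrivilegeEscalation": False, "privileged": False,
            "readOnlyRootFilesystem": True, "runAsNonRoot": True}

def b2k_labels(pod):
    """Return the B2K label keys present on a pod, sorted."""
    labels = pod.get("metadata", {}).get("labels") or {}
    return sorted(k for k in B2K_LABEL_KEYS if k in labels)

def violations(pod):
    """Map container name -> settings not explicitly set as required (strict: unset counts)."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    found = {}
    for c in (spec.get("initContainers") or []) + (spec.get("containers") or []):
        sc = c.get("securityContext") or {}
        bad = []
        for field, want in REQUIRED.items():
            got = sc.get(field)
            if got is None and field == "runAsNonRoot":
                got = pod_sc.get(field)  # only this field can be inherited from pod level
            if got is not want:
                bad.append(field)
        if bad:
            found[c["name"]] = bad
    return found

def audit(pods):
    """Report labels and violations for every pod carrying any B2K label key."""
    return {p["metadata"]["name"]: {"labels": b2k_labels(p), "violations": violations(p)}
            for p in pods if b2k_labels(p)}

# Constructed sample input: one generated clone, one ordinary workload.
SAMPLE_PODS = [
    {"metadata": {"name": "orders-clone", "labels": {"routing.visualstudio.io/generated": "true"}},
     "spec": {"securityContext": {"runAsNonRoot": True},
              "containers": [{"name": "agent", "securityContext": {"privileged": False}}]}},
    {"metadata": {"name": "orders", "labels": {"app": "orders"}},
     "spec": {"containers": [{"name": "web", "securityContext": dict(REQUIRED)}]}},
]

print(audit(SAMPLE_PODS))
```

Because the selector has to match any of four keys, an exemption written against only one of them would miss pods labelled with the others, which is the consolidation problem the issue raises.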

lolodi commented 3 years ago

Thanks for reporting this issue, another interesting one! I added it to our backlog and I'll report back here once the fix is shipped.

heydarli commented 2 years ago

Any update on this?