Closed mgrzybek closed 10 months ago
I encounter a similar issue where I have a policy in AKS and I need to change the securityContext.
The securityContext under spec.template.spec is set to:
    securityContext:
      runAsUser: 65532
Which causes the following error:
Error creating: admission webhook "validation.gatekeeper.sh" denied the request: [azurepolicy-k8sazurev3noprivilegeescalatio-329f1c51ff130dd44f2e] Privilege escalation container is not allowed: kube-rbac-proxy
Changing it to the following fixes the error:
    securityContext:
      runAsNonRoot: true
Some templating is needed to set some security context rules.
https://github.com/redpanda-data/redpanda/blob/f12e562db3b0eecfe4b32824a2b7375f55f5cbda/src/go/k8s/helm-chart/charts/redpanda-operator/templates/deployment.yaml#L97
Deploying on OpenShift is not allowed because of some default values. The only allowed namespace is default.
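As an added example (not part of the original thread or of the Redpanda chart): a pre-deploy check that lists the containers a "no privilege escalation" constraint like the one in the admission error above would reject. It assumes the Azure policy behaves like the upstream Gatekeeper library rule, which requires each container's own securityContext to set allowPrivilegeEscalation: false; the manifest, the image names and the `manager` container are constructed sample data.

```python
"""List containers that do not explicitly disable privilege escalation."""

# Container lists inside a pod spec that the check walks.
CONTAINER_FIELDS = ("containers", "initContainers", "ephemeralContainers")


def pod_spec_of(obj):
    """Return the pod spec of a Pod, or of a workload embedding a pod template."""
    spec = obj.get("spec") or {}
    if obj.get("kind") == "Pod":
        return spec
    if obj.get("kind") == "CronJob":
        spec = (spec.get("jobTemplate") or {}).get("spec") or {}
    return (spec.get("template") or {}).get("spec") or {}


def escalation_violations(obj):
    """Names of containers whose securityContext lacks allowPrivilegeEscalation: false.

    Assumption: only the container-level field counts; an absent securityContext
    or an unset field is treated as a violation, as in the upstream Gatekeeper rule.
    """
    offenders = []
    pod = pod_spec_of(obj)
    for field in CONTAINER_FIELDS:
        for container in pod.get(field) or []:
            ctx = container.get("securityContext") or {}
            if ctx.get("allowPrivilegeEscalation") is not False:
                offenders.append(container["name"])
    return offenders


# Constructed sample: a trimmed Deployment with a pod-level securityContext only.
SAMPLE = {
    "kind": "Deployment",
    "spec": {"template": {"spec": {
        "securityContext": {"runAsUser": 65532},
        "containers": [
            {"name": "kube-rbac-proxy", "image": "example.invalid/proxy:placeholder"},
            {"name": "manager", "image": "example.invalid/operator:placeholder",
             "securityContext": {"allowPrivilegeEscalation": False}},
        ],
    }}},
}

if __name__ == "__main__":
    for name in escalation_violations(SAMPLE):
        print(f"container {name}: allowPrivilegeEscalation is not set to false")
```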