Closed gowrishdc closed 1 year ago
We will need to add ContainerSecurityContext to InitContainer and ensure that the creation of the init container uses the properties. We will prioritize this for SCDF 2.10.1 which is planned for early in the new year.
Description
Related issue in the Spring Cloud Data Flow project: issue created in dataflow project for the same
Note: I believe the code fix is probably in this project, so adding/linking it here to get attention.
Require that the Stream and Task pods that are created by the deploy process have the capability to control the controller-level securityContext/allowPrivilegeEscalation attribute.
The resulting deployment creates the securityContext/allowPrivilegeEscalation for the container sections. However, it does not create the securityContext for the initContainers that are created for the "log" sink application, which has a deployment count of 3. As part of that, the app is "scaled" deployed with an initContainer that does not have the securityContext.
The security policy stops all deployments that do not have securityContext/allowPrivilegeEscalation: false, and that is causing this stream deployment to fail with this error message:
Steps to reproduce:
Please let me know if you need more information.
Additional information:
https://github.com/spring-cloud/spring-cloud-deployer-kubernetes/blob/e6f4b23705722e48f789a0ae8adb7bd790f860db/src/main/java/org/springframework/cloud/deployer/spi/kubernetes/KubernetesAppDeployer.java#L314
https://github.com/spring-cloud/spring-cloud-deployer-kubernetes/blob/e6f4b23705722e48f789a0ae8adb7bd790f860db/src/main/java/org/springframework/cloud/deployer/spi/kubernetes/KubernetesAppDeployer.java#L491-L506
Should the initContainer need something like this that is done for the container section: https://github.com/spring-cloud/spring-cloud-deployer-kubernetes/blob/e6f4b23705722e48f789a0ae8adb7bd790f860db/src/main/java/org/springframework/cloud/deployer/spi/kubernetes/AbstractKubernetesDeployer.java#L256-L259
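A pre-deployment check for the condition described in this issue, as an added example that is not part of the original issue or of the project's code: it walks both `containers` and `initContainers` of a workload manifest and reports any container that does not set `securityContext.allowPrivilegeEscalation` to `false`. The manifest, its names and its images are constructed for illustration, and treating an unset field as a violation is an assumption about how the cluster's policy behaves.

```python
import json

# Constructed sample: a StatefulSet shaped like the one described in the issue,
# where the main container sets allowPrivilegeEscalation but the init container does not.
SAMPLE_MANIFEST = json.loads("""
{
  "kind": "StatefulSet",
  "metadata": {"name": "log-sink"},
  "spec": {
    "replicas": 3,
    "template": {"spec": {
      "initContainers": [
        {"name": "init-container", "image": "busybox"}
      ],
      "containers": [
        {"name": "log", "image": "example/log-sink",
         "securityContext": {"allowPrivilegeEscalation": false}}
      ]
    }}
  }
}
""")

def pod_spec(manifest):
    """Return the pod spec of a bare Pod, a CronJob, or a templated workload."""
    spec = manifest.get("spec", {})
    if manifest.get("kind") == "CronJob":
        spec = spec.get("jobTemplate", {}).get("spec", {})
    if manifest.get("kind") == "Pod":
        return spec
    return spec.get("template", {}).get("spec", {})

def find_violations(manifest):
    """List (section, container name) pairs lacking allowPrivilegeEscalation: false."""
    violations = []
    spec = pod_spec(manifest)
    for section in ("initContainers", "containers"):
        for c in spec.get(section) or []:
            ctx = c.get("securityContext") or {}
            # Assumption: the policy requires the field to be present and
            # explicitly false, so a missing securityContext also counts.
            if ctx.get("allowPrivilegeEscalation") is not False:
                violations.append((section, c.get("name", "<unnamed>")))
    return violations

if __name__ == "__main__":
    for section, name in find_violations(SAMPLE_MANIFEST):
        print(f"{section}/{name}: securityContext.allowPrivilegeEscalation is not false")
```

Running the same check against the manifest the deployer actually produces (for example, the JSON output of `kubectl get statefulset <name> -o json`) shows whether the init container carries the setting before the admission policy rejects it.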