undistro / zora

Zora is an open source solution that helps you achieve compliance with Kubernetes best practices recommended by industry-leading frameworks. By scanning your cluster with multiple plugins, Zora identifies potential issues, misconfigurations, and vulnerabilities.
https://getup.io/opensource/zora-oss
Apache License 2.0

Fix popeye scan in kubernetes 1.25 #185

Closed matheusfm closed 1 year ago

matheusfm commented 1 year ago

Description

When checking a cluster running Kubernetes 1.25, popeye fails because the resource policy/v1beta1/podsecuritypolicies has been removed.

Until PR https://github.com/derailed/popeye/pull/239 is merged, we can use a fork: https://github.com/undistro/popeye.

Our fork uses a non-root user in the popeye Docker image, so we can set securityContext.runAsNonRoot to true in CronJobs.

Linked Issues

How has this been tested?

Checklist