As we testing for chart compatible on this new cluster.
We run into this issue from Pod Security perspective
violates PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "xgql" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "xgql" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "xgql" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "xgql" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
We have made the below modification to our values file
apiVersion: v1
name: universal-crossplane-proxy
type: application
version: 1.9.0-up.1.rc.1.8.gdcbb1fd
description: Universal Crossplane is an open source Kubernetes add-on that enables platform teams to assemble infrastructure from multiple vendors, and expose higher level self-service APIs for application teams to consume.
dependencies:
- name: universal-crossplane
version: 1.9.0-up.1.rc.1.8.gdcbb1fd
repository: https://github.vodafone.com/raw/VFDE-ModGarage/VF-DE-HelmChart-Repository/master
How can we reproduce it?
Deploy a 1.9.0-up.1.rc.1.8.gdcbb1fd chart on EKS 1.27 Cluster.
What environment did it happen in?
UXP version:
cant validate
* Cloud provider or hardware configuration : AWS
* Kubernetes version :: 1.27
* Kubernetes distribution EKS
* OS Amazon Linux
* Kernel 4.14.336-257.562.amzn2.x86_64 #1 SMP Sat Feb 24 09:50:35 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
What happened?
We have universal-crossplane deployed on our EKS 1.27 with chart version 1.9.1-up.2. They components that we use,
universal-crossplane : tag: v1.9.1-up.2 xgql: tag: v0.1.5 agent: tag: v1.9.1-up.2 bootstrapper: tag: v1.9.1-up.2
As we testing for chart compatible on this new cluster.
We run into this issue from Pod Security perspective
violates PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "xgql" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "xgql" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "xgql" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "xgql" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
We have made the below modification to our values file
Chart.yaml
How can we reproduce it?
Deploy a 1.9.0-up.1.rc.1.8.gdcbb1fd chart on EKS 1.27 Cluster.
What environment did it happen in?
UXP version:
cant validate