zachomedia / cert-manager-webhook-pdns

A PowerDNS webhook for cert-manager
MIT License
59 stars, 35 forks

move to unprivileged containerPort #24

Closed alexminder closed 1 year ago

alexminder commented 1 year ago

`containerPort: 443` is hardcoded into the charts.

It requires running the pod in privileged mode:

```yaml
securityContext:
  runAsUser: 0
  runAsGroup: 0
```

And for OpenShift, configuring the SCC requires:

```sh
$ oc adm policy add-scc-to-user privileged -z system:serviceaccount:<NS>:<SA>
```

These are pointless actions and security downgrades. Can you change to unprivileged port, 8443?
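
The manifests below are an added illustration of the change being requested, not code from the chart or this repository: the webhook container listens on an unprivileged port as a non-root user, while a Service keeps exposing 443 so cert-manager's APIService still reaches it on the expected port. The resource names, the image reference and the `--secure-port` flag are assumptions; the Kubernetes fields themselves are standard.

```yaml
# Added example (not the chart's own templates). Names and the image tag are
# placeholders; only the Kubernetes field names are authoritative.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pdns-webhook          # assumed name
spec:
  replicas: 1
  selector:
    matchLabels:
      app: pdns-webhook
  template:
    metadata:
      labels:
        app: pdns-webhook
    spec:
      securityContext:
        runAsNonRoot: true    # replaces runAsUser: 0 / runAsGroup: 0
      containers:
        - name: webhook
          image: example.org/cert-manager-webhook-pdns:TAG   # placeholder
          args:
            - --secure-port=8443   # flag name assumed; ports above 1023 need no root
          ports:
            - name: https
              containerPort: 8443  # unprivileged: no root, no privileged SCC
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]        # in particular no NET_BIND_SERVICE is needed
---
apiVersion: v1
kind: Service
metadata:
  name: pdns-webhook
spec:
  selector:
    app: pdns-webhook
  ports:
    - name: https
      port: 443          # callers still connect to the Service on 443 ...
      targetPort: https  # ... which maps to containerPort 8443 in the pod
```

Two points worth checking when applying this pattern: the APIService or cert-manager configuration that points at the webhook must reference the Service port (443), not the container port; and on OpenShift the `restricted` SCC assigns a UID from the namespace's range, so leaving `runAsUser` unset with `runAsNonRoot: true` keeps the pod admissible without granting the `privileged` SCC to the service account.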

zachomedia commented 1 year ago

Hello @alexminder, thanks for this request. I'll take a look to see what can be done for this, as the webserver is set up by the upstream libraries.

zachomedia commented 1 year ago

Chart version v2.2.0 should now resolve this issue :)