You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello,
We deployed the csi-driver-smb in our OKD 4.12 cluster (K8s version: 1.25.0) using Helm and we received the below warning regarding pod security:
W1004 14:01:34.730203 23648 warnings.go:70] would violate PodSecurity "restricted:latest": host namespaces (hostNetwork=true), hostPort (container "smb" uses hostPort 29643), privileged (container "smb" must not set securityContext.privileged=true), allowPrivilegeEscalation != false (containers "liveness-probe", "node-driver-registrar", "smb" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (containers "liveness-probe", "node-driver-registrar", "smb" must set securityContext.capabilities.drop=["ALL"]), restricted volume types (volumes "socket-dir", "mountpoint-dir", "registration-dir" use restricted volume type "hostPath"), runAsNonRoot != true (pod or containers "liveness-probe", "node-driver-registrar", "smb" must set securityContext.runAsNonRoot=true)
W1004 14:01:34.777198 23648 warnings.go:70] would violate PodSecurity "restricted:latest": host namespaces (hostNetwork=true), hostPort (container "smb" uses hostPorts 29642, 29644), privileged (container "smb" must not set securityContext.privileged=true), allowPrivilegeEscalation != false (containers "csi-provisioner", "liveness-probe", "smb" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (containers "csi-provisioner", "liveness-probe", "smb" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or containers "csi-provisioner", "liveness-probe", "smb" must set securityContext.runAsNonRoot=true)
NAME: csi-driver-smb
LAST DEPLOYED: Wed Oct 4 14:01:33 2023
NAMESPACE: kube-system
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
The CSI SMB Driver is getting deployed to your cluster.
OKD and OpenShift deployments require Security Context Constraints, what are not configurable in the module's Helm chart.
It'd be beneficial to have a few options, for example: runAsUser, runAsNonRoot, fsGroup.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Hello,
We deployed the csi-driver-smb in our OKD 4.12 cluster (K8s version: 1.25.0) using Helm and we received the below warning regarding pod security:
OKD and OpenShift deployments require Security Context Constraints, what are not configurable in the module's Helm chart.
It'd be beneficial to have a few options, for example: runAsUser, runAsNonRoot, fsGroup.
Beta Was this translation helpful? Give feedback.
All reactions