[GitHub] [camel-k] gansheer opened a new issue, #4424: Warning from the operator pod on Openshift

Tue, 30 May 2023 02:29:10 -0700 


gansheer opened a new issue, #4424:
URL: https://github.com/apache/camel-k/issues/4424

   Deployment of camel-k operator 2.x (main branche) on Openshift results in 2 
messages of security warning from the operator pod.
   
   The first one is from the generation of the builder pod:
   ```json
   {
   "level":"info",
   "ts":1685437946.119213,
   "logger":"KubeAPIWarningLogger",
   "msg":"would violate PodSecurity \"restricted:latest\": 
allowPrivilegeEscalation != false (containers \"builder\", \"s2i\" must set 
securityContext.allowPrivilegeEscalation=false), unrestricted capabilities 
(containers \"builder\", \"s2i\" must set 
securityContext.capabilities.drop=[\"ALL\"]), runAsNonRoot != true (pod or 
containers \"builder\", \"s2i\" must set securityContext.runAsNonRoot=true), 
seccompProfile (pod or containers \"builder\", \"s2i\" must set 
securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")"
   }
   ```
   
   The second one is from the generation of the integration pod:
   ```json
   {"level":"info",
   "ts":1685438084.8166873,
   "logger":"KubeAPIWarningLogger",
   "msg":"would violate PodSecurity \"restricted:latest\": 
allowPrivilegeEscalation != false (container \"integration\" must set 
securityContext.allowPrivilegeEscalation=false), unrestricted capabilities 
(container \"integration\" must set 
securityContext.capabilities.drop=[\"ALL\"]), runAsNonRoot != true (pod or 
container \"integration\" must set securityContext.runAsNonRoot=true), 
seccompProfile (pod or container \"integration\" must set 
securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")"
   }
   ```
   
   These have been observed on local tests using 
[CRC](https://github.com/crc-org/crc).
   
   _Follow up from issue [Operator is not able to push builder image to the 
internal registry (OpenShift 
cluster)](https://github.com/apache/camel-k/issues/4297)._


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@camel.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to