You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In a namespace with label pod-security.kubernetes.io/enforce: restricted, the cockroachdb cluster created by the operator does not start :
create Pod crdb-0 in StatefulSet crdb failed error: pods "crdb-0" is forbidden: violates PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "db" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (containers "db-init", "db" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or containers "db-init", "k8tz", "db" must set securityContext.runAsNonRoot=true), runAsUser=0 (container "db-init" must not set runAsUser=0), seccompProfile (pod or containers "db-init", "db" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
Is there a way to update pods and containers securityContext to match requirements ? It seams that in the crdb helm chart theses values are properly populated
The text was updated successfully, but these errors were encountered:
Hello,
In a namespace with label
pod-security.kubernetes.io/enforce: restricted
, the cockroachdb cluster created by the operator does not start :Is there a way to update pods and containers securityContext to match requirements ? It seams that in the crdb helm chart theses values are properly populated
The text was updated successfully, but these errors were encountered: