I would like to add allowPrivilegeEscalation #5961
Comments
|
what's the result of |
|
@csuzhangxc , it ask me enter the password |
|
I tried to create a Pod directly with the following YAML, and it asked me to enter the password. So if we want to fully disable this, we may also need to rebuild the image. apiVersion: v1
kind: Pod
metadata:
name: non-root-pod
spec:
securityContext:
runAsNonRoot: true
containers:
- name: my-container
image: pingcap/tidb-dashboard:v8.4.0
command: ["sh", "-c", "sleep 1h"]
securityContext:
allowPrivilegeEscalation: false
runAsUser: 101 |
Hi @csuzhangxc, Do you know how to do configure to fully disable this? |
|
Hi @csuzhangxc , |
We plan to add this field into our TidbCluster CRD |
|
Hi Cody,
Thanks for your reply, may I ask which release we are going to add this
field into TidbCluster CRD? and I'm wondering to know, if there has the
tutorial steps and the repo for update?
Best,
Jackson Chen
Cody (Xuecheng) Zhang ***@***.***> 於 2025年1月23日 週四 下午4:44寫道:
… Hi @csuzhangxc <https://github.com/csuzhangxc> , I'm wondering to know is
there have any update with it? Thanks.
We plan to add this field into our TidbCluster CRD
—
Reply to this email directly, view it on GitHub
<#5961 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AI6YIFFBRZRLXOWRETQ2KUT2MCTVFAVCNFSM6AAAAABS2QON4KVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDMMBZGE3TSNJUHE>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
Env: GKE 1.30.5-gke.1443001
TiDB: 8.4.0
I have try to modify the CRD tidbdashboards.pingcap.com add the securityContext.allowPrivilegeEscalation to initContinaer\ ephemeral\ containerable. After that I could add it on Kind:TidbDashboard and apply successful but still could exec pod tidbdashboard and execute su - .
Here is my tidb-dashboard and crd tidbdashboards.pingcap.com configuration.
tidb.zip
The text was updated successfully, but these errors were encountered: