You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by "gansheer (via GitHub)" <gi...@apache.org> on 2023/05/30 09:29:06 UTC
[GitHub] [camel-k] gansheer opened a new issue, #4424: Warning from the operator pod on Openshift
gansheer opened a new issue, #4424:
URL: https://github.com/apache/camel-k/issues/4424
Deployment of camel-k operator 2.x (main branche) on Openshift results in 2 messages of security warning from the operator pod.
The first one is from the generation of the builder pod:
```json
{
"level":"info",
"ts":1685437946.119213,
"logger":"KubeAPIWarningLogger",
"msg":"would violate PodSecurity \"restricted:latest\": allowPrivilegeEscalation != false (containers \"builder\", \"s2i\" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (containers \"builder\", \"s2i\" must set securityContext.capabilities.drop=[\"ALL\"]), runAsNonRoot != true (pod or containers \"builder\", \"s2i\" must set securityContext.runAsNonRoot=true), seccompProfile (pod or containers \"builder\", \"s2i\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")"
}
```
The second one is from the generation of the integration pod:
```json
{"level":"info",
"ts":1685438084.8166873,
"logger":"KubeAPIWarningLogger",
"msg":"would violate PodSecurity \"restricted:latest\": allowPrivilegeEscalation != false (container \"integration\" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container \"integration\" must set securityContext.capabilities.drop=[\"ALL\"]), runAsNonRoot != true (pod or container \"integration\" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container \"integration\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")"
}
```
These have been observed on local tests using [CRC](https://github.com/crc-org/crc).
_Follow up from issue [Operator is not able to push builder image to the internal registry (OpenShift cluster)](https://github.com/apache/camel-k/issues/4297)._
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel-k] gansheer commented on issue #4424: Security warning messages from the operator pod on Openshift
Posted by "gansheer (via GitHub)" <gi...@apache.org>.
gansheer commented on issue #4424:
URL: https://github.com/apache/camel-k/issues/4424#issuecomment-1671562325
@squakez I'll look into it.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel-k] squakez closed issue #4424: Security warning messages from the operator pod on Openshift
Posted by "squakez (via GitHub)" <gi...@apache.org>.
squakez closed issue #4424: Security warning messages from the operator pod on Openshift
URL: https://github.com/apache/camel-k/issues/4424
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org