You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm trying to install harbor via helm but it fails with. Understand it's a pod security issue, have already put serviceaccount in scc
W0516 06:52:32.103893 1298392 warnings.go:70] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "core" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "core" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "core" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "core" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost") W0516 06:52:32.120683 1298392 warnings.go:70] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "jobservice" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "jobservice" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "jobservice" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "jobservice" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost") W0516 06:52:32.137475 1298392 warnings.go:70] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "portal" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "portal" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "portal" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "portal" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost") W0516 06:52:32.152585 1298392 warnings.go:70] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (containers "registry", "registryctl" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (containers "registry", "registryctl" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or containers "registry", "registryctl" must set securityContext.runAsNonRoot=true), seccompProfile (pod or containers "registry", "registryctl" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost") W0516 06:52:32.170394 1298392 warnings.go:70] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (containers "data-migrator", "data-permissions-ensurer", "database" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (containers "data-migrator", "data-permissions-ensurer", "database" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or containers "data-migrator", "data-permissions-ensurer", "database" must set securityContext.runAsNonRoot=true), seccompProfile (pod or containers "data-migrator", "data-permissions-ensurer", "database" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost") W0516 06:52:32.181714 1298392 warnings.go:70] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "redis" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "redis" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "redis" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "redis" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost") W0516 06:52:32.195128 1298392 warnings.go:70] would violate PodSecurity "restricted:v1.24": unrestricted capabilities (container "trivy" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "trivy" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "trivy" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
How do I fix this in values.yaml?
Deployment information
OKD Cluster Version: 4.15.0-0.okd-2024-03-10-010116
Kernel version: v1.28.2-3598+6e2789bbd58938-dirty
The text was updated successfully, but these errors were encountered:
Hi,
I'm trying to install harbor via helm but it fails with. Understand it's a pod security issue, have already put serviceaccount in scc
W0516 06:52:32.103893 1298392 warnings.go:70] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "core" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "core" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "core" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "core" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost") W0516 06:52:32.120683 1298392 warnings.go:70] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "jobservice" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "jobservice" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "jobservice" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "jobservice" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost") W0516 06:52:32.137475 1298392 warnings.go:70] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "portal" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "portal" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "portal" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "portal" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost") W0516 06:52:32.152585 1298392 warnings.go:70] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (containers "registry", "registryctl" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (containers "registry", "registryctl" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or containers "registry", "registryctl" must set securityContext.runAsNonRoot=true), seccompProfile (pod or containers "registry", "registryctl" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost") W0516 06:52:32.170394 1298392 warnings.go:70] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (containers "data-migrator", "data-permissions-ensurer", "database" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (containers "data-migrator", "data-permissions-ensurer", "database" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or containers "data-migrator", "data-permissions-ensurer", "database" must set securityContext.runAsNonRoot=true), seccompProfile (pod or containers "data-migrator", "data-permissions-ensurer", "database" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost") W0516 06:52:32.181714 1298392 warnings.go:70] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "redis" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "redis" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "redis" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "redis" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost") W0516 06:52:32.195128 1298392 warnings.go:70] would violate PodSecurity "restricted:v1.24": unrestricted capabilities (container "trivy" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "trivy" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "trivy" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
How do I fix this in values.yaml?
Deployment information
OKD Cluster Version: 4.15.0-0.okd-2024-03-10-010116
Kernel version: v1.28.2-3598+6e2789bbd58938-dirty
The text was updated successfully, but these errors were encountered: