Fixing PodSecurity Admission warnings for deployments
Issue
- Why am I receiving warnings related to Pod Security even though the deployment is running with the restricted-v2 SCC?

    $ oc create deployment hello-node --image=k8s.gcr.io/e2e-test-images/agnhost:2.33 -- /agnhost serve-hostname
    Warning: would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "agnhost" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "agnhost" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "agnhost" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "agnhost" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
    deployment.apps/hello-node created

    $ oc describe pod hello-node-855787d74c-h99pg | grep scc
    openshift.io/scc: restricted-v2
- Such warnings can also be seen for pods running inside the openshift-operators namespace.
Environment
- Red Hat OpenShift Container Platform (RHOCP)
- 4.11+
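
The warning shown under Issue names four securityContext fields that the pod template does not set. As an added example (not part of the original article or of Red Hat's resolution text), the manifest below is the same hello-node deployment with those four fields set explicitly; it assumes the restricted-v2 SCC assigns the non-root UID, so runAsUser is left unset.

```yaml
# Added example: hello-node with the fields listed in the
# PodSecurity "restricted:v1.24" warning set explicitly.
# Name, image and command are taken from the oc create command above;
# the app label is the one oc create deployment generates.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hello-node
  labels:
    app: hello-node
spec:
  replicas: 1
  selector:
    matchLabels:
      app: hello-node
  template:
    metadata:
      labels:
        app: hello-node
    spec:
      # Pod-level settings apply to every container in the pod.
      securityContext:
        # "runAsNonRoot != true"
        runAsNonRoot: true
        # "seccompProfile ... RuntimeDefault or Localhost"
        seccompProfile:
          type: RuntimeDefault
      containers:
      - name: agnhost
        image: k8s.gcr.io/e2e-test-images/agnhost:2.33
        command: ["/agnhost", "serve-hostname"]
        # These two fields exist only at container level.
        securityContext:
          # "allowPrivilegeEscalation != false"
          allowPrivilegeEscalation: false
          # "unrestricted capabilities"
          capabilities:
            drop: ["ALL"]
```

A server-side dry run, for example oc apply --dry-run=server -f hello-node.yaml (the file name is an assumption), returns the same PodSecurity warning for any field that is still missing.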