Samuel Sarnowski requested to merge keycloak-remove-drop-all-capabilities-kyverno-exception into master Jun 27, 2024

Package Merge Request

Remove Keycloak drop all capabilities kyverno exception as it is no longer required with !4590 (merged) and only worked with a single replica as written.

Package Changes

N/A

Package MR

N/A

For Issue

Closes #2198 (closed)

Upgrade Notices

Any custom containers specified via addons.keycloak.values.extraContainers or addons.keycloak.values.extraInitContainers must now explicitly drop all capabilities as below, or an exception must be added to the Kyverno require-drop-all-capabilities policy.

addons:
  keycloak:
    values:
      extraInitContainers: |-
        - name: plugin
          image: registry1.dso.mil/ironbank/big-bang/p1-keycloak-plugin:3.4.0
          ...
          securityContext:
            capabilities:
              drop:
                - ALL

Edited Jun 27, 2024 by Samuel Sarnowski

Keycloak remove drop all capabilities kyverno exception

Package Merge Request

Package Changes

Package MR

For Issue

Upgrade Notices

Merge request reports