Bug-fix Confluence deployment with Kyverno Policies enabled

Description

Installation using the default values in the doc results in the error below.

Bug

Warning  FailedCreate  4m (x19 over 25m)  statefulset-controller  create Pod confluence-0 in StatefulSet confluence failed error: admission webhook "validate.kyverno.svc-fail" denied the request: 

resource Pod/confluence/confluence-0 was blocked due to the following policies 

require-drop-all-capabilities:
 drop-all-capabilities: 'validation failure: Containers must drop all Linux capabilities
   by setting the fields spec.containers[*].securityContext.capabilities.drop, spec.initContainers[*].securityContext.capabilities.drop,
   and spec.ephemeralContainers[*].securityContext.capabilities.drop to ALL.'

Solution

Setting require-drop-all-capabilities to Audit allows Confluence to install. Confluence chart would need to be updated with drop: ALL added to the securityContext

Admin message

Bug-fix Confluence deployment with Kyverno Policies enabled

Description

Bug

Solution