Remediate Kyverno Failed Security Policies with new k8s-monitoring chart
With the transition to a new k8s-monitoring chart through this MR, the failed Kyverno security policies need to be remediated in the new chart.
Error:
Warning InstallFailed 36s helm-controller Helm install failed for release monitoring/monitoring-alloy with chart k8s-monitoring@1.5.0-bb.0: failed pre-install: warning: Hook pre-install k8s-monitoring/charts/k8s-monitoring/templates/hooks/validate-configuration.yaml failed: 1 error occurred:
  * admission webhook "validate.kyverno.svc-fail" denied the request:

  resource Pod/monitoring/validate-monitoring-alloy-k8s-monitoring was blocked due to the following policies

  require-drop-all-capabilities:
    drop-all-capabilities: 'validation failure: Containers must drop all Linux capabilities
      by setting the fields spec.containers[*].securityContext.capabilities.drop, spec.initContainers[*].securityContext.capabilities.drop,
      and spec.ephemeralContainers[*].securityContext.capabilities.drop to `ALL`.'
  require-non-root-group:
    run-as-group: 'validation failure: validation error: runAsGroup must be set to an
      id > 0 in either spec.securityContext.runAsGroup or (spec.containers[*].securityContext.runAsGroup,
      spec.initContainers[*].securityContext.runAsGroup, and spec.ephemeralContainers[*].securityContext.runAsGroup).
      rule run-as-group[0] failed at path /securityContext/'
  require-non-root-user:
    non-root-user: 'validation failure: validation error: Either `runAsNonRoot` must
      be set to true or `runAsUser` must be > 0 in spec.securityContext or (spec.containers[*].securityContext,
      spec.initContainers[*].securityContext, and spec.ephemeralContainers[*].securityContext).
      rule non-root-user[0] failed at path /securityContext/ rule non-root-user[1] failed
      at path /securityContext/'
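
The three policies named in the denial above (require-drop-all-capabilities, require-non-root-group, require-non-root-user) can be pre-checked against a rendered Pod manifest before the Helm hook is submitted to the cluster. The following Python is an added example, not part of this issue, the chart, or Kyverno; it approximates the checks from the wording of the denial messages, and `check_pod`, `BARE_POD`, and `HARDENED_POD` are hypothetical names with constructed manifests.

```python
# Added example: approximates the three Kyverno checks named in the error above.
# It is not Kyverno's rule engine; it follows the wording of the denial messages.

CONTAINER_KEYS = ("containers", "initContainers", "ephemeralContainers")


def check_pod(pod):
    """Return {policy_name: [offending container names]} for a Pod manifest dict."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    failures = {}
    for key in CONTAINER_KEYS:
        for ctr in spec.get(key) or []:
            ctr_sc = ctr.get("securityContext") or {}
            # Container-level fields override pod-level ones, as in Kubernetes.
            eff = {**pod_sc, **ctr_sc}
            name = f"{key}/{ctr.get('name', '?')}"

            # Capabilities exist only at container level, so no pod-level fallback.
            drops = (ctr_sc.get("capabilities") or {}).get("drop") or []
            if "ALL" not in drops:
                failures.setdefault("require-drop-all-capabilities", []).append(name)

            gid = eff.get("runAsGroup")
            if not (isinstance(gid, int) and gid > 0):
                failures.setdefault("require-non-root-group", []).append(name)

            # Assumption: an explicit UID 0 is rejected even when runAsNonRoot is
            # true, since the kubelet would refuse to start that container anyway.
            uid = eff.get("runAsUser")
            if uid is not None:
                non_root = isinstance(uid, int) and uid > 0
            else:
                non_root = eff.get("runAsNonRoot") is True
            if not non_root:
                failures.setdefault("require-non-root-user", []).append(name)
    return failures


# Constructed manifests: a hook pod with no securityContext, and a hardened one.
BARE_POD = {"spec": {"containers": [{"name": "validate", "image": "example.invalid/validate:0"}]}}
HARDENED_POD = {"spec": {
    "securityContext": {"runAsNonRoot": True, "runAsUser": 1000, "runAsGroup": 1000},
    "containers": [{"name": "validate", "image": "example.invalid/validate:0",
                    "securityContext": {"capabilities": {"drop": ["ALL"]}}}],
}}

if __name__ == "__main__":
    for label, pod in (("bare", BARE_POD), ("hardened", HARDENED_POD)):
        print(label, check_pod(pod) or "passes all three checks")
```

The bare manifest reproduces the same three policy names as the denial; the hardened one shows the pod-level and container-level `securityContext` fields that clear them.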