Fix security context capability violations
General MR
Summary
- Moved base securityContext values into the values.yaml file
- Added `capabilities.drop: [ALL]` to securityContext
Relevant logs/screenshots
default 8m58s Warning PolicyViolation clusterpolicy/require-drop-all-capabilities Pod holocron/holocron-api-57c96d8c67-kmdjh: [drop-all-capabilities] fail (blocked); validation failure: Containers must drop all Linux capabilities by setting the fields spec.containers[*].securityContext.capabilities.drop, spec.initContainers[*].securityContext.capabilities.drop, and spec.ephemeralContainers[*].securityContext.capabilities.drop to `ALL`.
default 9m Warning PolicyViolation clusterpolicy/require-drop-all-capabilities Pod holocron/holocron-gitlab-workflow-0-9f59f5d8-8jgnx: [drop-all-capabilities] fail (blocked); validation failure: Containers must drop all Linux capabilities by setting the fields spec.containers[*].securityContext.capabilities.drop, spec.initContainers[*].securityContext.capabilities.drop, and spec.ephemeralContainers[*].securityContext.capabilities.drop to `ALL`.
default 9m Normal PolicyApplied clusterpolicy/restrict-seccomp Pod holocron/holocron-gitlab-workflow-0-9f59f5d8-8jgnx: pass
default 9m2s Warning PolicyViolation clusterpolicy/require-drop-all-capabilities Pod holocron/holocron-gitlab-build-0-844687755f-l4rdb: [drop-all-capabilities] fail (blocked); validation failure: Containers must drop all Linux capabilities by setting the fields spec.containers[*].securityContext.capabilities.drop, spec.initContainers[*].securityContext.capabilities.drop, and spec.ephemeralContainers[*].securityContext.capabilities.drop to `ALL`.
default 9m2s Warning PolicyViolation clusterpolicy/require-drop-all-capabilities Pod holocron/holocron-sonarqube-project-analysis-0-7f6558df9f-4hglh: [drop-all-capabilities] fail (blocked); validation failure: Containers must drop all Linux capabilities by setting the fields spec.containers[*].securityContext.capabilities.drop, spec.initContainers[*].securityContext.capabilities.drop, and spec.ephemeralContainers[*].securityContext.capabilities.drop to `ALL`.
default 9m2s Warning PolicyViolation clusterpolicy/require-drop-all-capabilities Pod holocron/holocron-gitlab-scm-0-794698c569-r2b8v: [drop-all-capabilities] fail (blocked); validation failure: Containers must drop all Linux capabilities by setting the fields spec.containers[*].securityContext.capabilities.drop, spec.initContainers[*].securityContext.capabilities.drop, and spec.ephemeralContainers[*].securityContext.capabilities.drop to `ALL`.
default 9m3s Warning PolicyViolation clusterpolicy/require-drop-all-capabilities Pod holocron/holocron-frontend-85c8696b9b-4ttdt: [drop-all-capabilities] fail (blocked); validation failure: Containers must drop all Linux capabilities by setting the fields spec.containers[*].securityContext.capabilities.drop, spec.initContainers[*].securityContext.capabilities.drop, and spec.ephemeralContainers[*].securityContext.capabilities.drop to `ALL`.
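The validation message above names three container lists that must each drop `ALL`. As an added example (not code from this MR or the chart), the following offline check applies the same rule to a rendered manifest before it reaches the cluster; the function names and sample manifests are assumptions constructed for illustration.

```python
# Added example: offline check mirroring the drop-all-capabilities rule.
# capabilities is a container-level field, so every container list is walked.
CONTAINER_FIELDS = ("containers", "initContainers", "ephemeralContainers")


def pod_spec_of(manifest):
    """Return the pod spec of a Pod, or of a workload that uses spec.template."""
    spec = manifest.get("spec") or {}
    template = spec.get("template")
    if isinstance(template, dict):
        return template.get("spec") or {}
    return spec


def drop_all_violations(manifest):
    """List 'field/name' for every container whose drop list lacks ALL."""
    violations = []
    spec = pod_spec_of(manifest)
    for field in CONTAINER_FIELDS:
        for container in spec.get(field) or []:
            ctx = container.get("securityContext") or {}
            caps = ctx.get("capabilities") or {}
            if "ALL" not in (caps.get("drop") or []):
                violations.append(f"{field}/{container.get('name', '?')}")
    return violations


# Constructed sample manifests (container names are illustrative).
BEFORE = {
    "kind": "Deployment",
    "spec": {"template": {"spec": {
        # Dropping a single capability is not enough for the policy.
        "initContainers": [{"name": "init", "securityContext": {
            "capabilities": {"drop": ["NET_RAW"]}}}],
        # No capabilities block at all.
        "containers": [{"name": "api", "securityContext": {"runAsNonRoot": True}}],
    }}},
}
AFTER = {
    "kind": "Deployment",
    "spec": {"template": {"spec": {
        "initContainers": [{"name": "init", "securityContext": {
            "capabilities": {"drop": ["ALL"]}}}],
        "containers": [{"name": "api", "securityContext": {
            "runAsNonRoot": True, "capabilities": {"drop": ["ALL"]}}}],
    }}},
}

if __name__ == "__main__":
    print("before:", drop_all_violations(BEFORE))
    print("after: ", drop_all_violations(AFTER))
```

The check covers Pods and workloads with `spec.template`; a CronJob nests its template one level deeper and would need its own branch.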
Linked Issue
Upgrade Notices
N/A
Closes #6