Fix security context capability violations

Robert Massey requested to merge 141-confidential-issue into main

General MR

Summary

  • Added capabilities: drop: -ALL to keycloak securityContext

Relevant logs/screenshots

default                    37m         Warning   PolicyViolation                   clusterpolicy/require-drop-all-capabilities                                  Pod keycloak/keycloak-0: [drop-all-capabilities] fail (blocked); validation failure: Containers must drop all Linux capabilities by setting the fields spec.containers[*].securityContext.capabilities.drop, spec.initContainers[*].securityContext.capabilities.drop, and spec.ephemeralContainers[*].securityContext.capabilities.drop to `ALL`.

Linked Issue

issue

Upgrade Notices

N/A

Closes #141

Edited by Robert Massey
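
The rule quoted in the PolicyViolation event above, written out as a check over a pod spec. This is an added example, not code from the merge request or the project; the pod dictionaries and container names are constructed sample input.

```python
# Added example: mirrors the rule text in the PolicyViolation event.
# Every container in the three container lists must list ALL under
# securityContext.capabilities.drop.

CONTAINER_FIELDS = ("containers", "initContainers", "ephemeralContainers")


def drops_all(container):
    """True if securityContext.capabilities.drop is a list containing ALL."""
    sc = container.get("securityContext") or {}
    caps = sc.get("capabilities") or {}
    drop = caps.get("drop") or []
    return isinstance(drop, list) and "ALL" in drop


def violations(pod):
    """Return 'field/name' for every container that does not drop ALL."""
    spec = pod.get("spec") or {}
    found = []
    for field in CONTAINER_FIELDS:
        for c in spec.get(field) or []:
            if not drops_all(c):
                found.append(f"{field}/{c.get('name', '?')}")
    return found


# Constructed sample: no securityContext on the main container, and an
# init container that drops a single capability instead of ALL.
POD_BEFORE = {
    "spec": {
        "initContainers": [
            {"name": "init",
             "securityContext": {"capabilities": {"drop": ["NET_RAW"]}}},
        ],
        "containers": [{"name": "keycloak"}],
    },
}

# Constructed sample: both containers drop ALL.
HARDENED = {"securityContext": {"capabilities": {"drop": ["ALL"]}}}
POD_AFTER = {
    "spec": {
        "initContainers": [{"name": "init", **HARDENED}],
        "containers": [{"name": "keycloak", **HARDENED}],
    },
}

if __name__ == "__main__":
    print("before:", violations(POD_BEFORE))
    print("after: ", violations(POD_AFTER))
```

Dropping individual capabilities does not satisfy the rule, and init containers are checked the same way as the main container.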
