#155: Add correct pod security context values to pass kyverno tests for postgresql

Andrew Kesterson requested to merge 155_securitycontext into main

General MR

Summary

This corrects the postgresql pod securityContext configuration to pass Kyverno tests, discovered during mergeback of the previous MR on #156 into the bigbang umbrella chart.

Relevant logs/screenshots

Before

0s (x17 over 6m2s)    Warning   FailedCreate            StatefulSet/mattermost-postgresql                       create Pod mattermost-postgresql-0 in StatefulSet mattermost-postgresql failed error: admission webhook "validate.kyverno.svc-fail" denied the request: 

resource Pod/mattermost/mattermost-postgresql-0 was blocked due to the following policies 

require-non-root-group:
  run-as-group: 'validation failure: validation error: runAsGroup must be set to an
    id > 0 in either spec.securityContext.runAsGroup or (spec.containers[*].securityContext.runAsGroup,
    spec.initContainers[*].securityContext.runAsGroup, and spec.ephemeralContainers[*].securityContext.runAsGroup).
    rule run-as-group[0] failed at path /securityContext/runAsGroup/'
restrict-host-path-write:
  require-readonly-hostpath: rule skipped

After, mattermost works and tests pass

Linked Issue

155

Upgrade Notices

N/A
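
The runAsGroup rule quoted in the admission log above can be checked against rendered pod specs before they reach the cluster. The following is an added example, not code from this merge request or from Kyverno: it does not reproduce Kyverno's pattern matching but computes each container's effective group, using the Kubernetes precedence of container-level securityContext over pod-level. The function names, the sample specs, the container names and the GID 1001 are constructed for illustration.

```python
# Added example: pre-flight check for the runAsGroup rule quoted in the log above.
# Not Kyverno's implementation; it evaluates the effective group per container.

CONTAINER_KINDS = ("containers", "initContainers", "ephemeralContainers")


def effective_run_as_group(pod_spec, container):
    """Container-level securityContext overrides the pod-level value."""
    pod_sc = pod_spec.get("securityContext") or {}
    ctr_sc = container.get("securityContext") or {}
    if "runAsGroup" in ctr_sc:
        return ctr_sc["runAsGroup"]
    return pod_sc.get("runAsGroup")


def run_as_group_violations(pod_spec):
    """Return 'kind/name' for each container whose effective runAsGroup is unset or <= 0."""
    violations = []
    for kind in CONTAINER_KINDS:
        for ctr in pod_spec.get(kind) or []:
            gid = effective_run_as_group(pod_spec, ctr)
            # bool is a subclass of int in Python, so reject it explicitly.
            if not isinstance(gid, int) or isinstance(gid, bool) or gid <= 0:
                violations.append(f"{kind}/{ctr.get('name', '?')}")
    return violations


# Constructed pod specs (names and GID 1001 are sample values, not taken from the chart).
# BEFORE: no runAsGroup anywhere, the situation the log reports.
BEFORE = {"containers": [{"name": "postgresql", "securityContext": {"runAsUser": 1001}}]}
# AFTER: pod-level runAsGroup > 0 is inherited by every container.
AFTER = {
    "securityContext": {"runAsUser": 1001, "runAsGroup": 1001, "fsGroup": 1001},
    "containers": [{"name": "postgresql"}],
}
# OVERRIDE: a pod-level value does not help a container that sets group 0 itself.
OVERRIDE = {
    "securityContext": {"runAsGroup": 1001},
    "containers": [{"name": "postgresql"}],
    "initContainers": [{"name": "init-chmod", "securityContext": {"runAsGroup": 0}}],
}

if __name__ == "__main__":
    for label, spec in (("before", BEFORE), ("after", AFTER), ("override", OVERRIDE)):
        print(label, run_as_group_violations(spec) or "ok")
```
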
