UNCLASSIFIED - NO CUI

Skip to content

Fix security context capability violations

Robert Massey requested to merge 42-confdential-issue into main

General MR

Summary

Fix for security context capabilities violation for Thanos-minio

Relevant logs/screenshots

default                    8m21s       Warning   PolicyViolation                   clusterpolicy/require-drop-all-capabilities                                  Pod thanos/thanos-minio-ss-0-0: [drop-all-capabilities] fail (blocked); validation failure: Containers must drop all Linux capabilities by setting the fields spec.containers[*].securityContext.capabilities.drop, spec.initContainers[*].securityContext.capabilities.drop, and spec.ephemeralContainers[*].securityContext.capabilities.drop to `ALL`.

Linked Issue

issue

Upgrade Notices

N/A

Edited by Ryan Garcia

Merge request reports