UNCLASSIFIED - NO CUI

Skip to content

Draft: Update volume upgrade job securitycontext

Bulat Khamitov requested to merge update-volume-upgrade-job-securitycontext into main

General MR

Summary

  • Update securityContext for volume-upgrade-jobs

Relevant logs/screenshots

[pod/kyverno-admission-controller-bb46c95fb-8l66h/kyverno] I0611 18:07:30.416431 1 event_broadcaster.go:338] "Event occurred" object="require-drop-all-capabilities" kind="ClusterPolicy" apiVersion="kyverno.io/v1" type="Warning" reason="PolicyViolation" action="Resource Blocked" note="Pod twistlock/volume-upgrade-job-4m8ch: [drop-all-capabilities] fail (blocked); validation failure: Containers must drop all Linux capabilities by setting the fields spec.containers[*].securityContext.capabilities.drop, spec.initContainers[*].securityContext.capabilities.drop, and spec.ephemeralContainers[*].securityContext.capabilities.drop to ALL."

Upgrade Notices

N/A

Merge request reports