UNCLASSIFIED - NO CUI

Draft: Fix/update nginx security context

Noah Birrer requested to merge fix/update-nginx-security-context into main

General MR

Updating test manifest

Summary

Updates the nginx deployment in ./chart/tests/scripts/backup-restore.sh to use a pod securityContext that complies with the require-non-root-group policy

Relevant logs/screenshots

Test pod fails to create during bigbang tests due to kyverno policy:

Events:
  Type     Reason        Age   From                   Message
  ----     ------        ----  ----                   -------
  Warning  FailedCreate  10m   replicaset-controller  Error creating: admission webhook "validate.kyverno.svc-fail" denied the request: 
resource Pod/velero/velero-backup-restore-test-64bc6d777-6x7gk was blocked due to the following policies 
require-non-root-group:
  run-as-group: 'validation failure: validation error: runAsGroup must be set to an
    id > 0 in either spec.securityContext.runAsGroup or (spec.containers[*].securityContext.runAsGroup,
    spec.initContainers[*].securityContext.runAsGroup, and spec.ephemeralContainers[*].securityContext.runAsGroup).
    rule run-as-group[0] failed at path /securityContext/'

Linked Issue

big-bang/bigbang#1881 (closed)

Upgrade Notices

N/A
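
A pre-flight check for the rule quoted in the denial message above, as an added example (not part of the merge request, the chart, or Kyverno's own code). It follows the wording of the message and additionally rejects a container that overrides the group to 0, which is an assumption of this example; the pod specs and the GID 1000 are constructed.

```python
# Added example: approximates the run-as-group rule as worded in the denial
# message. Not Kyverno's policy engine; specs and the GID 1000 are constructed.
CONTAINER_FIELDS = ("containers", "initContainers", "ephemeralContainers")


def _group_ok(security_context):
    """True when runAsGroup is an integer id greater than 0."""
    gid = (security_context or {}).get("runAsGroup")
    return isinstance(gid, int) and not isinstance(gid, bool) and gid > 0


def check_run_as_group(pod_spec):
    """Return (allowed, problems) for the `spec` of a Pod or pod template."""
    pod_ok = _group_ok(pod_spec.get("securityContext"))
    problems = []
    for field in CONTAINER_FIELDS:
        for c in pod_spec.get(field) or []:
            sc = c.get("securityContext") or {}
            path = f"spec.{field}[{c.get('name', '?')}].securityContext.runAsGroup"
            if "runAsGroup" in sc:
                # A container-level runAsGroup takes precedence over the pod
                # value. Rejecting an override to 0 is this example's
                # assumption, stricter than the message wording.
                if not _group_ok(sc):
                    problems.append(f"{path} must be > 0")
            elif not pod_ok:
                problems.append(f"{path} is not set")
    return (not problems, problems)


# Constructed pod specs: no runAsGroup anywhere (as in the denial), a
# pod-level fix, and a container that overrides the pod-level group to 0.
BLOCKED = {"containers": [{"name": "nginx", "image": "nginx"}]}
FIXED = {
    "securityContext": {"runAsUser": 1000, "runAsGroup": 1000},
    "containers": [{"name": "nginx", "image": "nginx"}],
}
OVERRIDE = {
    "securityContext": {"runAsGroup": 1000},
    "containers": [{"name": "nginx", "securityContext": {"runAsGroup": 0}}],
}

if __name__ == "__main__":
    for name, spec in (("blocked", BLOCKED), ("fixed", FIXED), ("override", OVERRIDE)):
        print(name, check_run_as_group(spec))
```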