Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Warning about PodSecurity when applying some manifests from the E2E tests in OpenShift 4.11 #1262

Closed
iblancasa opened this issue Nov 17, 2022 · 6 comments
Closed

Warning about PodSecurity when applying some manifests from the E2E tests in OpenShift 4.11 #1262

iblancasa opened this issue Nov 17, 2022 · 6 comments
Labels
area:auto-instrumentation Issues for auto-instrumentation bug Something isn't working

Comments

@iblancasa
Copy link
Contributor

When applying some of the manifest from the E2E tests, this error is shown:

Warning: would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "myapp" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "myapp" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "myapp" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "myapp" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")

The files with this problem are:

tests/e2e/instrumentation-dotnet-multicontainer/01-install-app.yaml
tests/e2e/instrumentation-dotnet-multicontainer/02-install-app.yaml
tests/e2e/instrumentation-dotnet/01-install-app.yaml
tests/e2e/instrumentation-java-multicontainer/01-install-app.yaml
tests/e2e/instrumentation-java-multicontainer/02-install-app.yaml
tests/e2e/instrumentation-java-other-ns/01-install-app.yaml
tests/e2e/instrumentation-java/01-install-app.yaml
tests/e2e/instrumentation-nodejs-multicontainer/01-install-app.yaml
tests/e2e/instrumentation-nodejs-multicontainer/02-install-app.yaml
tests/e2e/instrumentation-nodejs/01-install-app.yaml
tests/e2e/instrumentation-python-multicontainer/01-install-app.yaml
tests/e2e/instrumentation-python-multicontainer/02-install-app.yaml
tests/e2e/instrumentation-python/01-install-app.yaml
tests/e2e/instrumentation-sdk/01-install-app.yaml
@iblancasa iblancasa mentioned this issue Nov 17, 2022
Closed
@jawnsy jawnsy mentioned this issue Nov 18, 2022
Open
@jaronoff97
Copy link
Contributor

@iblancasa is this still an issue?

@iblancasa
Copy link
Contributor Author

AFAIK, yes.

@jaronoff97 jaronoff97 added bug Something isn't working area:auto-instrumentation Issues for auto-instrumentation labels Nov 29, 2023
@iblancasa
Copy link
Contributor Author

@IshwarKanse with the changes done to the new test framework, are those warnings still there?

@IshwarKanse
Copy link
Contributor

@iblancasa I'll check and update the issue.

@IshwarKanse
Copy link
Contributor

@iblancasa There are no PodSecurity warnings anymore, I checked in OpenShift 4.15. However the instrumentation tests needs to be updated as the asserts are wrong. I was manually running the tests one-by-one and noticed that the tests pass however for many tests the pods run into Error and CrashLoops which is not detected by the current assert. I'm working on a PR to fix this. Will complete it in the next week.

@IshwarKanse
Copy link
Contributor

@iblancasa @jaronoff97 We can close this issue as we are not running into the PodSecurity warnings anymore. Also I have resolved issues with asserts, security contexts in this PR, pending merge. #2702

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area:auto-instrumentation Issues for auto-instrumentation bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix PodSecurity Warning iblancasa/opentelemetry-operator
3 participants
@iblancasa @jaronoff97 @IshwarKanse