This issue was created to track all open kyverno findings with the current Helm chart.
For each distinct finding I've already created a PR or issue.
Some of them might already be merged but not yet released.
findings
1 - certs daps
solved
finding message
policy require-run-as-nonroot -> resource default/Job/chart-certsconsumer-cert-transfer-daps failed:
1. autogen-run-as-non-root: validation error: Running as root is not allowed. Either the field spec.securityContext.runAsNonRoot must be set to `true`, or the fields spec.containers[*].securityContext.runAsNonRoot, spec.initContainers[*].securityContext.runAsNonRoot, and spec.ephemeralContainers[*].securityContext.runAsNonRoot must be set to `true`. rule autogen-run-as-non-root[0] failed at path /spec/template/spec/securityContext/ rule autogen-run-as-non-root[1] failed at path /spec/template/spec/containers/0/securityContext/
policy require-run-as-nonroot -> resource default/Job/chart-certsprovider-cert-transfer-daps failed:
1. autogen-run-as-non-root: validation error: Running as root is not allowed. Either the field spec.securityContext.runAsNonRoot must be set to `true`, or the fields spec.containers[*].securityContext.runAsNonRoot, spec.initContainers[*].securityContext.runAsNonRoot, and spec.ephemeralContainers[*].securityContext.runAsNonRoot must be set to `true`. rule autogen-run-as-non-root[0] failed at path /spec/template/spec/securityContext/ rule autogen-run-as-non-root[1] failed at path /spec/template/spec/containers/0/securityContext/
policy require-run-as-nonroot -> resource poc-argocd/StatefulSet/chart-consumer-postgresql failed:
1. autogen-run-as-non-root: validation error: Running as root is not allowed. Either the field spec.securityContext.runAsNonRoot must be set to `true`, or the fields spec.containers[*].securityContext.runAsNonRoot, spec.initContainers[*].securityContext.runAsNonRoot, and spec.ephemeralContainers[*].securityContext.runAsNonRoot must be set to `true`. rule autogen-run-as-non-root[0] failed at path /spec/template/spec/initContainers/ rule autogen-run-as-non-root[1] failed at path /spec/template/spec/initContainers/
policy require-run-as-nonroot -> resource poc-argocd/StatefulSet/chart-provider-postgresql failed:
1. autogen-run-as-non-root: validation error: Running as root is not allowed. Either the field spec.securityContext.runAsNonRoot must be set to `true`, or the fields spec.containers[*].securityContext.runAsNonRoot, spec.initContainers[*].securityContext.runAsNonRoot, and spec.ephemeralContainers[*].securityContext.runAsNonRoot must be set to `true`. rule autogen-run-as-non-root[0] failed at path /spec/template/spec/initContainers/ rule autogen-run-as-non-root[1] failed at path /spec/template/spec/initContainers/
policy require-run-as-nonroot -> resource default/Pod/chart-edcconsumertest-controlplane-readiness failed:
1. run-as-non-root: validation error: Running as root is not allowed. Either the field spec.securityContext.runAsNonRoot must be set to `true`, or the fields spec.containers[*].securityContext.runAsNonRoot, spec.initContainers[*].securityContext.runAsNonRoot, and spec.ephemeralContainers[*].securityContext.runAsNonRoot must be set to `true`. rule run-as-non-root[0] failed at path /spec/securityContext/ rule run-as-non-root[1] failed at path /spec/containers/0/securityContext/
policy require-run-as-nonroot -> resource default/Pod/chart-edcconsumertest-dataplane-readiness failed:
1. run-as-non-root: validation error: Running as root is not allowed. Either the field spec.securityContext.runAsNonRoot must be set to `true`, or the fields spec.containers[*].securityContext.runAsNonRoot, spec.initContainers[*].securityContext.runAsNonRoot, and spec.ephemeralContainers[*].securityContext.runAsNonRoot must be set to `true`. rule run-as-non-root[0] failed at path /spec/securityContext/ rule run-as-non-root[1] failed at path /spec/containers/0/securityContext/
policy require-run-as-nonroot -> resource default/Pod/chart-edcprovidertest-controlplane-readiness failed:
1. run-as-non-root: validation error: Running as root is not allowed. Either the field spec.securityContext.runAsNonRoot must be set to `true`, or the fields spec.containers[*].securityContext.runAsNonRoot, spec.initContainers[*].securityContext.runAsNonRoot, and spec.ephemeralContainers[*].securityContext.runAsNonRoot must be set to `true`. rule run-as-non-root[0] failed at path /spec/securityContext/ rule run-as-non-root[1] failed at path /spec/containers/0/securityContext/
policy require-run-as-nonroot -> resource default/Pod/chart-edcprovidertest-dataplane-readiness failed:
1. run-as-non-root: validation error: Running as root is not allowed. Either the field spec.securityContext.runAsNonRoot must be set to `true`, or the fields spec.containers[*].securityContext.runAsNonRoot, spec.initContainers[*].securityContext.runAsNonRoot, and spec.ephemeralContainers[*].securityContext.runAsNonRoot must be set to `true`. rule run-as-non-root[0] failed at path /spec/securityContext/ rule run-as-non-root[1] failed at path /spec/containers/0/securityContext/
policy require-run-as-nonroot -> resource poc-argocd/Pod/chart-server-test failed:
1. run-as-non-root: validation error: Running as root is not allowed. Either the field spec.securityContext.runAsNonRoot must be set to `true`, or the fields spec.containers[*].securityContext.runAsNonRoot, spec.initContainers[*].securityContext.runAsNonRoot, and spec.ephemeralContainers[*].securityContext.runAsNonRoot must be set to `true`. rule run-as-non-root[0] failed at path /spec/securityContext/ rule run-as-non-root[1] failed at path /spec/containers/0/securityContext/
policy require-run-as-nonroot -> resource default/Deployment/chart-daps failed:
1. autogen-run-as-non-root: validation error: Running as root is not allowed. Either the field spec.securityContext.runAsNonRoot must be set to `true`, or the fields spec.containers[*].securityContext.runAsNonRoot, spec.initContainers[*].securityContext.runAsNonRoot, and spec.ephemeralContainers[*].securityContext.runAsNonRoot must be set to `true`. rule autogen-run-as-non-root[0] failed at path /spec/template/spec/securityContext/runAsNonRoot/ rule autogen-run-as-non-root[1] failed at path /spec/template/spec/initContainers/0/securityContext/
These findings were detected on commit 4346500 after the kyverno wf was introduced.
By now, or once e.g. v0.5.0 of the edc chart (without legacy) is implemented, the findings will change.
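The rule quoted in the finding messages above, re-implemented as a small local check. This is an added example, not part of the original issue and not Kyverno's or the chart's code. The manifests are constructed, and the check relies on Kubernetes precedence, where a container-level `runAsNonRoot` overrides the pod-level value.

```python
# Added example: simplified local re-check of the runAsNonRoot rule (not Kyverno's code).

# Path to the pod spec per kind; controllers use the "autogen" template path.
POD_SPEC_PATH = {
    "Pod": ["spec"],
    "CronJob": ["spec", "jobTemplate", "spec", "template", "spec"],
}
DEFAULT_PATH = ["spec", "template", "spec"]  # Deployment, StatefulSet, Job, DaemonSet


def pod_spec(resource):
    """Return (pod spec dict, JSON-pointer-style base path) for a manifest."""
    path = POD_SPEC_PATH.get(resource["kind"], DEFAULT_PATH)
    node = resource
    for key in path:
        node = node.get(key) or {}
    return node, "/" + "/".join(path)


def non_root_findings(resource):
    """List paths of containers whose effective runAsNonRoot is not true."""
    spec, base = pod_spec(resource)
    pod_level = (spec.get("securityContext") or {}).get("runAsNonRoot")
    failed = []
    for group in ("containers", "initContainers", "ephemeralContainers"):
        for i, container in enumerate(spec.get(group) or []):
            own = (container.get("securityContext") or {}).get("runAsNonRoot")
            # A container-level value overrides the pod-level one.
            effective = pod_level if own is None else own
            if effective is not True:
                failed.append(f"{base}/{group}/{i}/securityContext/")
    return failed


# Constructed manifests: names and images are placeholders.
NON_ROOT = {"runAsNonRoot": True, "runAsUser": 10001}
JOB_BEFORE = {"kind": "Job", "spec": {"template": {"spec": {
    "containers": [{"name": "transfer", "image": "example/image:1.0"}]}}}}
JOB_AFTER = {"kind": "Job", "spec": {"template": {"spec": {
    "securityContext": NON_ROOT,
    "containers": [{"name": "transfer", "image": "example/image:1.0"}]}}}}
# Main container is hardened, the init container was forgotten.
STS_INIT = {"kind": "StatefulSet", "spec": {"template": {"spec": {
    "initContainers": [{"name": "init", "image": "example/init:1.0"}],
    "containers": [{"name": "db", "image": "example/db:1.0",
                    "securityContext": NON_ROOT}]}}}}

if __name__ == "__main__":
    for name, manifest in [("before", JOB_BEFORE), ("after", JOB_AFTER),
                           ("init", STS_INIT)]:
        print(name, non_root_findings(manifest) or "pass")
```

Setting `runAsNonRoot: true` on an image that still runs as UID 0 makes the kubelet refuse to start the container, so pair it with a numeric `runAsUser` or a non-root `USER` in the image.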
Applying the Kyverno policies via workflow has been put on hold as it is not in the focus now and products should fix these issues in their own chart before implementing them as a dependency here. I'm closing this one and will create a new issue once it gets more relevance.
findings
1 - certs daps: Resolved via #30
2 - psql: Resolved via eclipse-tractusx/tractusx-edc#677
3 - tx edc non-root: Resolved via eclipse-tractusx/tractusx-edc#637
4 - vault non-root (test): Require Helm chart update from 0.20.0 to 0.25.0. Resolved via hashicorp/vault-helm#930
5 - description: Resolved via eclipse-tractusx/tractusx-edc#679