You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Background here is that an empty initContainers: element will be created.
This is a bug from bitnami/postgresql Helm chart which was solved in bitnami/charts#14602.
With this bug kyverno will detect a problem when checking the chart (error message in code block below).
To Reproduce
Run kyverno with the mentioned policy and see error (executed through eclipse-tractusx/e2e-testing):
policy require-run-as-nonroot -> resource edc/StatefulSet/chart-consumer-postgresql failed:
1. autogen-run-as-non-root: validation error: Running as root is not allowed. Either the field spec.securityContext.runAsNonRoot must be set to `true`, or the fields spec.containers[*].securityContext.runAsNonRoot, spec.initContainers[*].securityContext.runAsNonRoot, and spec.ephemeralContainers[*].securityContext.runAsNonRoot must be set to `true`. rule autogen-run-as-non-root[0] failed at path /spec/template/spec/initContainers/ rule autogen-run-as-non-root[1] failed at path /spec/template/spec/initContainers/
policy require-run-as-nonroot -> resource edc/StatefulSet/chart-provider-postgresql failed:
1. autogen-run-as-non-root: validation error: Running as root is not allowed. Either the field spec.securityContext.runAsNonRoot must be set to `true`, or the fields spec.containers[*].securityContext.runAsNonRoot, spec.initContainers[*].securityContext.runAsNonRoot, and spec.ephemeralContainers[*].securityContext.runAsNonRoot must be set to `true`. rule autogen-run-as-non-root[0] failed at path /spec/template/spec/initContainers/ rule autogen-run-as-non-root[1] failed at path /spec/template/spec/initContainers/
Expected behavior
No nun-as-non-root error should occur.
Possible Implementation
To fix this problem only an update is required to at least bitnami/postgresql 12.1.13 - or latest version (currently 12.7.1).
If you want I can rase a PR for this.
The text was updated successfully, but these errors were encountered:
Describe the bug
Currently the Helm chart is using postgresql in version
12.1.6
:tractusx-edc/charts/tractusx-connector/Chart.yaml
Lines 59 to 64 in 968bb28
This version will fail to run the kyverno policy require-run-as-nonroot.yaml check.
Background here is that an empty
initContainers:
element will be created.This is a bug from bitnami/postgresql Helm chart which was solved in bitnami/charts#14602.
With this bug kyverno will detect a problem when checking the chart (error message in code block below).
To Reproduce
Run kyverno with the mentioned policy and see error (executed through eclipse-tractusx/e2e-testing):
Expected behavior
No nun-as-non-root error should occur.
Possible Implementation
To fix this problem only an update is required to at least bitnami/postgresql
12.1.13
- or latest version (currently12.7.1
).If you want I can rase a PR for this.
The text was updated successfully, but these errors were encountered: