Describe the bug

All microservices except continuous_test default to the container security context:

continuous_test instead defaults to only:

(from operations/helm/charts/mimir-distributed/values.yaml#L4377)

This causes the continuous_test deployment to fail when running with 'pod-security.kubernetes.io/enforce': 'restricted' on the namespace (as recommended for security compliance in Mimir documentation).

To Reproduce

1. Deploy the mimir-distributed Helm chart to a namespace with label 'pod-security.kubernetes.io/enforce': 'restricted' with Helm values continuous_test.enabled = true.
2. Describe the continuous_test replicaset and view error message:

Error creating: pods "mimir-continuous-test-6f676f85d7-85xcv" is forbidden: violates PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "continuous-test" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "continuous-test" must set securityContext.capabilities.drop=["ALL"])

Expected behavior

continuous_test should deploy without issues using the default security context.

Environment

Kubernetes 1.30 running on AWS EKS.
Helm through Terraform, provider version 2.13.2.
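
The two violations in the error message above can be reproduced offline with the following added example, which is not part of the original issue, the Mimir chart, or the Kubernetes admission controller. It is a simplified Python check of a container securityContext against the restricted profile's privilege-escalation, capability, non-root and seccomp rules. The helper name `restricted_violations` is hypothetical and the sample contexts are constructed, not the chart's actual defaults.

```python
# Added example: simplified container checks from the Kubernetes "restricted"
# Pod Security Standard. Not the admission controller's or the chart's code.
ALLOWED_ADD = {"NET_BIND_SERVICE"}
SECCOMP_OK = {"RuntimeDefault", "Localhost"}

# Constructed sample values (assumptions, not the chart's actual defaults).
SAMPLE_POD = {"runAsNonRoot": True, "seccompProfile": {"type": "RuntimeDefault"}}
SAMPLE_WEAK = {"readOnlyRootFilesystem": True}
SAMPLE_HARDENED = {
    "readOnlyRootFilesystem": True,
    "allowPrivilegeEscalation": False,
    "capabilities": {"drop": ["ALL"]},
}


def restricted_violations(name, ctr_sc, pod_sc=None):
    """List restricted-profile violations for one container's securityContext.

    pod_sc is the pod-level securityContext, from which runAsNonRoot and
    seccompProfile can be inherited when the container leaves them unset.
    """
    ctr_sc, pod_sc = ctr_sc or {}, pod_sc or {}
    out = []
    if ctr_sc.get("allowPrivilegeEscalation") is not False:
        out.append(f'container "{name}" must set securityContext.allowPrivilegeEscalation=false')
    caps = ctr_sc.get("capabilities") or {}
    if "ALL" not in (caps.get("drop") or []):
        out.append(f'container "{name}" must set securityContext.capabilities.drop=["ALL"]')
    extra = sorted(set(caps.get("add") or []) - ALLOWED_ADD)
    if extra:
        out.append(f'container "{name}" must not add capabilities {extra}')
    c, p = ctr_sc.get("runAsNonRoot"), pod_sc.get("runAsNonRoot")
    if c is False or p is False or (c is None and p is not True):
        out.append(f'pod or container "{name}" must set securityContext.runAsNonRoot=true')
    if 0 in (ctr_sc.get("runAsUser"), pod_sc.get("runAsUser")):
        out.append(f'pod or container "{name}" must not set securityContext.runAsUser=0')
    types = [sc["seccompProfile"].get("type")
             for sc in (ctr_sc, pod_sc) if sc.get("seccompProfile")]
    if not types or any(t not in SECCOMP_OK for t in types):
        out.append(f'pod or container "{name}" must set securityContext.seccompProfile.type '
                   'to "RuntimeDefault" or "Localhost"')
    return out


if __name__ == "__main__":
    for label, sc in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(label, restricted_violations("continuous-test", sc, SAMPLE_POD))
```

The check covers only the securityContext fields listed; the restricted profile also inherits the baseline rules (host namespaces, privileged containers, volume types), which are not modelled here.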