Kiali Operator deployment in Kubernetes missing security Context in Kiali CR #4774
Replies: 2 comments
-
You did not mention what version of Kiali you are using or on what Kubernetes cluster (vendor/version) you have. I will assume the latest Kiali (1.47) and Kubernetes 1.22 (I'm using Minikube 1.24 with Kubernetes v1.22). In this case it should not be true that Kiali is "run with root user." If by "kiali CR image" you mean the container image that is run in the Kiali Server pod, then since version v1.35 you will see that Kiali does not run as root. When the operator installs the Kiali Server deployment, it gets this:
So it runs explicitly as non-root. This is fixed - you cannot configure the securityContext of the Kiali pod from the Kiali CR. You must run it as non-root with no privileges and no privilege escalation, as you see above. You can see the value of your running Kiali server pod's securityContext
That will output
FYI: This behavior changed in v1.35 (as you see here in this commit). So if you are using Kiali 1.34 or below, then you need to upgrade to at least Kiali v1.35 to get this non-root securityContext. And just for completeness, the operator also runs as non-root. Run this command to see that (note: I installed the operator in
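A check for the three properties the answer above lists (non-root, no privileges, no privilege escalation), as an added example that is not part of the original discussion and not Kiali's own code. It goes slightly beyond the Kiali case by auditing any pod JSON of the shape `kubectl get pod -o json` returns; the sample pods are constructed, and treating an unset `allowPrivilegeEscalation` as a finding is this example's choice.

```python
import json

# Constructed sample: trimmed shape of `kubectl get pod <name> -o json` output.
# Pod names and values are made up for illustration.
SAMPLE_PODS = json.loads("""
[
 {"metadata": {"name": "hardened"},
  "spec": {"containers": [{"name": "server", "securityContext": {
      "runAsNonRoot": true, "privileged": false,
      "allowPrivilegeEscalation": false}}]}},
 {"metadata": {"name": "inherits-pod-level"},
  "spec": {"securityContext": {"runAsNonRoot": true},
           "containers": [{"name": "server", "securityContext": {
               "allowPrivilegeEscalation": false}}]}},
 {"metadata": {"name": "no-context"},
  "spec": {"containers": [{"name": "server"}]}},
 {"metadata": {"name": "contradictory"},
  "spec": {"securityContext": {"runAsNonRoot": true},
           "containers": [{"name": "server", "securityContext": {
               "runAsUser": 0, "privileged": true}}]}}
]
""")

def audit_pod(pod):
    """Return a list of findings; an empty list means every container is
    non-root, unprivileged and cannot escalate privileges."""
    findings = []
    pod_sc = pod["spec"].get("securityContext") or {}
    for c in pod["spec"].get("containers", []):
        sc = c.get("securityContext") or {}
        # runAsNonRoot / runAsUser may be set at pod level; container level wins.
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
        uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
        if uid == 0:
            findings.append(f"{c['name']}: runAsUser is 0 (root)")
        elif non_root is not True and uid is None:
            findings.append(f"{c['name']}: runAsNonRoot not enforced")
        # These two fields exist only in the container-level securityContext.
        if sc.get("privileged") is True:
            findings.append(f"{c['name']}: privileged container")
        # Assumption of this example: an unset value is reported, not trusted.
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append(f"{c['name']}: allowPrivilegeEscalation not false")
    return findings

def audit_all(pods):
    """Map each pod name to its list of findings."""
    return {p["metadata"]["name"]: audit_pod(p) for p in pods}
```

To audit a live pod, pass the parsed output of `kubectl get pod <name> -n <namespace> -o json` to `audit_pod`.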
-
Thank you very much for the info @jmazzitelli
-
Hi Team,
I am using the Kiali Operator Helm charts and I observed that the Kiali CR image is hard-coded to run with the root user.
We actually provide this configuration to Kubernetes deployments to change the default behaviour.
But I didn't find a way to do this for the Kiali CR. Can anyone suggest please?
Thanks