Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add securitycontext to keystore container #820

Merged
merged 1 commit into from
May 28, 2024
Merged

Add securitycontext to keystore container #820

merged 1 commit into from
May 28, 2024

Conversation

cthtrifork
Copy link
Contributor

@cthtrifork cthtrifork commented May 22, 2024
edited
Loading

Description

This fixes the issue found in this kubernetes event log:

create Pod opensearch-data-0 in StatefulSet opensearch-data failed error: pods "opensearch-data-0" is forbidden: violates PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "keystore" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "keystore" must set securityContext.capabilities.drop=["ALL"])

When we are running

labels:
    pod-security.kubernetes.io/enforce: restricted

Issues Resolved

List any issues this PR will resolve, e.g. Closes [...].

Check List

  • Commits are signed per the DCO using --signoff
  • Unittest added for the new/changed functionality and all unit tests are successful
  • Customer-visible features documented
  • No linter warnings (make lint)

If CRDs are changed:

  • CRD YAMLs updated (make manifests) and also copied into the helm chart
  • Changes to CRDs documented

Please refer to the PR guidelines before submitting this pull request.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@cthtrifork
Add securitycontext to keystore container
65f52c1 
Signed-off-by: Casper Thygesen <cth@trifork.com>
@cthtrifork cthtrifork force-pushed the feature/add-security-context-to-keystore-container branch from ddb95c9 to 65f52c1 Compare May 22, 2024 18:53
swoehrl-mw
swoehrl-mw approved these changes May 28, 2024
View reviewed changes
Copy link
Collaborator

@swoehrl-mw swoehrl-mw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@swoehrl-mw swoehrl-mw merged commit f58948e into opensearch-project:main May 28, 2024
9 checks passed
@prudhvigodithi prudhvigodithi mentioned this pull request Jun 19, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@swoehrl-mw swoehrl-mw swoehrl-mw approved these changes

@idanl21 idanl21 Awaiting requested review from idanl21 idanl21 is a code owner

@dbason dbason Awaiting requested review from dbason dbason is a code owner

@prudhvigodithi prudhvigodithi Awaiting requested review from prudhvigodithi prudhvigodithi is a code owner

@jochenkressin jochenkressin Awaiting requested review from jochenkressin jochenkressin is a code owner

@pchmielnik pchmielnik Awaiting requested review from pchmielnik pchmielnik is a code owner

@salyh salyh Awaiting requested review from salyh salyh is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@cthtrifork @swoehrl-mw