root Group not compliant with Baseline PodSecurityStandard

[dirsigler]

With these commits...
...for the Dockerfile: 8e556d6
...for the Helm Chart: SonarSource/helm-chart-sonarqube@9b273fc

Sonarqube is no longer compliant with the Baseline PodSecurityStandard.

After a pending upgrade to sonarqube-10.5.0_2748 I face following issue:

create Pod sonarqube-sonarqube-0 in StatefulSet sonarqube-sonarqube failed error: pods "sonarqube-sonarqube-0" is forbidden: violates PodSecurity "baseline:latest": privileged (containers "init-sysctl", "concat-properties", "install-plugins" must not set securityContext.privileged=true)

To solve it I removed the enforced Baseline PSS for this deployments namespace, which is not really the happy path I would take as it worked before.

[jCOTINEAU]

Hello @dirsigler, thanks a lot for taking the time to participate in the community.

Could you share your value file and double check that you have not set specific security context for initContainers at some point?

Because the default set of value set privileged=true only for init-sysctl which is a specific case described in the production section of the helm chart README.