This repository has been archived by the owner on Jan 12, 2023. It is now read-only.

"runAsNonRoot: true" should be in Pod and Container SecurityContexts #129

Open
hikkyXII opened this issue Nov 1, 2021 · 5 comments

Comments

@hikkyXII

hikkyXII commented Nov 1, 2021

Hello!
The K-Rail policy No Root User allows me to run a Pod only if runAsNonRoot: true is specified in both the Pod's AND the Container's securityContext at the same time.
Is this correct behavior, or should I be able to run a pod with ONLY runAsNonRoot: true in the PodSecurityContext?
Thanks in advance.

@empinator

@hikkyXII
Did you resolve your problem? I am facing a similar issue.

@hikkyXII
Author

hikkyXII commented Feb 1, 2022

No. Need to edit rules code for that.
But as this project seems abandoned, we are going to move to another admission controller.

@empinator

Thanks for your reply.
It seems like you are right. Too bad, since I liked the simplicity.
Is there any admission controller you are favouring? istio, OPA, Gatekeeper, kyverno, ... ?

@hikkyXII
Author

hikkyXII commented Feb 2, 2022

Have no experience with them yet, but:

- Istio - is for network operations
- OPA, Gatekeeper - they work together. We are going to evaluate this one. The only one I heard of several times.
- kyverno - never heard of it.

@mark-adams
Contributor

👋 The k-rail project has been deprecated and is no longer under active development. We recommend taking a look at OPA Gatekeeper to see if it might meet your needs going forward.

Thanks for your contribution(s) to the project!
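
Added example (not part of the thread and not k-rail's code), relating to the question that opens this issue: how Kubernetes itself resolves `runAsNonRoot` per container, where a container-level value takes precedence and the pod-level value is inherited when the container leaves it unset. The types and function names are assumptions, minimal stand-ins for the PodSpec fields, and the sample pod is constructed.

```go
package main

import "fmt"

// Stand-ins for the PodSpec fields involved (assumed types, not k8s.io/api). nil = unset.
type SecurityContext struct{ RunAsNonRoot *bool }

type Container struct {
	Name            string
	SecurityContext *SecurityContext
}

type PodSpec struct {
	SecurityContext *SecurityContext
	InitContainers  []Container
	Containers      []Container
}

// effectiveRunAsNonRoot applies Kubernetes precedence: a container-level value
// wins, otherwise the pod-level value is inherited, and unset everywhere is false.
func effectiveRunAsNonRoot(pod PodSpec, c Container) bool {
	if c.SecurityContext != nil && c.SecurityContext.RunAsNonRoot != nil {
		return *c.SecurityContext.RunAsNonRoot
	}
	if pod.SecurityContext != nil && pod.SecurityContext.RunAsNonRoot != nil {
		return *pod.SecurityContext.RunAsNonRoot
	}
	return false
}

// violations names every container (init containers included) not forced non-root.
func violations(pod PodSpec) (bad []string) {
	all := append(append([]Container{}, pod.InitContainers...), pod.Containers...)
	for _, c := range all {
		if !effectiveRunAsNonRoot(pod, c) {
			bad = append(bad, c.Name)
		}
	}
	return bad
}

func main() {
	yes, no := true, false
	// Constructed sample: pod-level true, inherited by "app", overridden by "sidecar".
	pod := PodSpec{SecurityContext: &SecurityContext{&yes}, Containers: []Container{
		{Name: "app"},
		{Name: "sidecar", SecurityContext: &SecurityContext{&no}},
	}}
	fmt.Println(violations(pod))
}
```

An admission rule built on the effective value accepts a pod that sets the field only at pod level, and still rejects a container that overrides it to `false`.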
