Describe the feature you would like and why you want it
Currently the Deployment & Daemonset checks generate minimal or no securityContext at all when spawning the set of resources to check.
e.g. Deployment check: https://github.com/kuberhealthy/kuberhealthy/blob/master/cmd/deployment-check/deployment.go#L89
Daemonset check: https://github.com/kuberhealthy/kuberhealthy/blob/master/cmd/daemonset-check/run_check.go#L394
Even though both of those checks could easily run in a namespace restricted with PSA restricted, currently they require the namespace to be set to privileged, since they don't set all the required values to conform to the PodSecurityAdmission policies.

Additional context
While this might not be possible for all checks (e.g. I'm not sure about the DNS check, but even that should be able to run with capabilities.drop = ALL)
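Added example, not part of the issue or of Kuberhealthy's code: a Go checker for four of the securityContext settings that the Pod Security Standards restricted profile requires of each entry in `containers`, run over two constructed manifests. The type names, `restrictedViolations` and the sample manifests are assumptions made for this example; the real profile also covers init containers, volumes and other fields.

```go
package main

import "encoding/json"
import "fmt"

// Minimal stand-in types (not client-go); spec serves as pod spec and container entry.
type secCtx struct {
	AllowPrivilegeEscalation, RunAsNonRoot *bool
	Capabilities                           struct{ Drop []string }
	SeccompProfile                         struct{ Type string }
}
type spec struct {
	Name       string
	SC         secCtx `json:"securityContext"`
	Containers []spec
}
// Constructed sample manifests: no securityContext at all, and a hardened pod.
const bare = `{"spec":{"containers":[{"name":"check"}]}}`
const hardened = `{"spec":{"securityContext":{"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}},"containers":[{"name":"check","securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]}}}]}}`

// restrictedViolations lists which of four restricted-profile rules each container breaks.
func restrictedViolations(manifest string) (v []string) {
	var p struct{ Spec spec }
	if err := json.Unmarshal([]byte(manifest), &p); err != nil {
		return []string{"invalid manifest: " + err.Error()}
	}
	for _, c := range p.Spec.Containers {
		if c.SC.RunAsNonRoot == nil { // unset container fields inherit the pod-level value
			c.SC.RunAsNonRoot = p.Spec.SC.RunAsNonRoot
		}
		if c.SC.SeccompProfile.Type == "" {
			c.SC.SeccompProfile.Type = p.Spec.SC.SeccompProfile.Type
		}
		dropsAll := false
		for _, d := range c.SC.Capabilities.Drop {
			dropsAll = dropsAll || d == "ALL"
		}
		require := func(ok bool, rule string) {
			if !ok {
				v = append(v, c.Name+": "+rule)
			}
		}
		require(c.SC.AllowPrivilegeEscalation != nil && !*c.SC.AllowPrivilegeEscalation, "allowPrivilegeEscalation must be false")
		require(c.SC.RunAsNonRoot != nil && *c.SC.RunAsNonRoot, "runAsNonRoot must be true")
		require(c.SC.SeccompProfile.Type == "RuntimeDefault" || c.SC.SeccompProfile.Type == "Localhost", "seccompProfile.type must be RuntimeDefault or Localhost")
		require(dropsAll, "capabilities.drop must include ALL")
	}
	return v
}
func main() { fmt.Println(restrictedViolations(bare), restrictedViolations(hardened)) }
```

A container that sets `runAsNonRoot: false` is reported even when the pod-level value is true, because the container value takes precedence.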