Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deployment securityContext part is missing on creation #4815

Open
sebastien-helbert opened this issue Dec 22, 2021 · 4 comments
Open

Deployment securityContext part is missing on creation #4815

sebastien-helbert opened this issue Dec 22, 2021 · 4 comments
Labels
kind/bug release-note
Milestone
v2.11.0

Comments

@sebastien-helbert
Copy link

Setup

  • Rancher version: 2.6.2
  • Browser type & version: Google Chrome

Describe the bug
securityContext section is missing when created from new UI which prevents pods from starting when Pod Security Policy Support is enabled.

To Reproduce
Create a new workload of type Deployment from UI

Result

Expected Result

Add this section in yaml file like the old UI does :

        securityContext:
          allowPrivilegeEscalation: false
          capabilities: {}
          privileged: false
          readOnlyRootFilesystem: false
          runAsNonRoot: false

It may be somewhat related to #4238
@richard-cox richard-cox added this to the v2.6.4 milestone Dec 23, 2021
@gaktive gaktive modified the milestones: v2.6.4, v2.6.5 Feb 28, 2022
@catherineluse
Copy link
Contributor

Should this be in the v2.6.4 release notes under known issues?

@gaktive
Copy link
Member

gaktive commented Mar 21, 2022

@jtravee we'll need a known issue in 2.6.4 for this.

@jtravee
Copy link

jtravee commented Mar 21, 2022

@jtravee we'll need a known issue in 2.6.4 for this.

Got it, ty!

@gaktive gaktive modified the milestones: v2.6.5, v2.6.6 Apr 13, 2022
@gaktive gaktive modified the milestones: v2.6.6, v2.7.0 May 26, 2022
@nwmac nwmac modified the milestones: v2.7.0, v2.7.1 Aug 30, 2022
@nwmac nwmac modified the milestones: v2.7.next2, v2.7.next3 Mar 31, 2023
@nwmac nwmac modified the milestones: v2.7.next3, v2.7.next4 Jun 8, 2023
@gaktive gaktive modified the milestones: v2.8.0, v2.8.next1 Sep 19, 2023
@nwmac nwmac modified the milestones: v2.8.next1, v2.8.next2 Nov 17, 2023
@xhejtman
Copy link

xhejtman commented Dec 8, 2023
edited
Loading

Hello,

if CIS profile is in use, it would be really good, if default security context could be pre-set so that it meets CIS requirements. With PSA it means setting capablity drop, allowprivilegesescalation, seccompprofile. Without this, it is not possible to run pod from UI without editing yaml manifest.

@nwmac nwmac modified the milestones: v2.8.next2, v2.10.0 Feb 27, 2024
@nwmac nwmac removed this from the v2.10.0 milestone Jul 4, 2024
@nwmac nwmac added this to the v2.11.0 milestone Jul 4, 2024
@renovate renovate bot mentioned this issue Aug 1, 2024
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug release-note
Projects
None yet
Milestone
v2.11.0
Development

No branches or pull requests
8 participants
@nwmac @sebastien-helbert @gaktive @richard-cox @catherineluse @xhejtman @Jono-SUSE-Rancher @jtravee