You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on May 1, 2020. It is now read-only.
why is this needed
PodSecurityPolicies can prevent Pods from running if the Security Contexts are not set.
Similarly, SecurityContextConstraints in Openshift can prevent Pods from running.
TODO
Add a flag to Synopsysctl to set SecurityContext constraints
Modify synopsysctl to create a service account for all resources if on Kubernetes/Openshift (this will make it easy for customers to add the Product to a SecurityContextConstraint)
Verify the BlackDuck images can run without being root (aka GID, UID, and fsGroup are not 0)
Verify Pods can run with a PodSecurityPolicy enabled
Verify Pods can run with a SecurityContextConstraint enabled
what do you want
Be able to support arbitrary Security Contexts for GID, UID, and fsGroup in OpenShift.
BlackDuck Ticket: https://jira.dc1.lan/browse/HUB-20580
why is this needed
PodSecurityPolicies can prevent Pods from running if the Security Contexts are not set.
Similarly, SecurityContextConstraints in Openshift can prevent Pods from running.
TODO
example implementation
https://github.com/blackducksoftware/polaris-contrib/tree/master/blackduck-synopsysctl-example-GID1000
The text was updated successfully, but these errors were encountered: