Hello!
Please, i’m trying to set up shinyproxy on kubernetes, and the shinyproxy pod is up and running, but when it tries to create another pod for an application, the error below is fired:
Caused by: io.fabric8.kubernetes.client.KubernetesClientException:
Failure executing: POST at: https://#######:443/api/v1/namespaces/shinyproxy/pods.
Message: Forbidden!Configured service account doesn't have access.
Service account may have been revoked. pods "sp-pod-4a4ed6bc-035a-4e16-bfbe-daf01e7fd8ce" is forbidden: violates PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "sp-container-4a4ed6bc-035a-4e16-bfbe-daf01e7fd8ce" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "sp-container-4a4ed6bc-035a-4e16-bfbe-daf01e7fd8ce" must set securityContext.capabilities.drop=["ALL"])
I already entered the security configurations that is needed by kubernetes, as below, and i’m using the default service account with privileges as the demo example:
kubernetes-pod-patches: |
- op: add
path: /spec/securityContext
value:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
Please, is there any configuration that am I missing?
Thanks in advance.
Gabriel.