-
Notifications
You must be signed in to change notification settings - Fork 594
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
PodPolicy error when installing argoCD "v0.6.0" and "latest" (commit id: ba14854) on k8s-1.25 #945
Comments
Hi, I know it might not be the best solution since it involves updating policies and relaxing them. However, one way to solve it is to configure your namespace to allow installation with the current implementation. apiVersion: v1
kind: Namespace
metadata:
...
labels:
pod-security.kubernetes.io/audit: restricted
pod-security.kubernetes.io/audit-version: latest
pod-security.kubernetes.io/enforce: restricted
pod-security.kubernetes.io/enforce-version: latest
pod-security.kubernetes.io/warn: restricted
pod-security.kubernetes.io/warn-version: latest
name: olm To workaround the error seen before, we need to relax a bit the enforced policy, and set it to pod-security.kubernetes.io/enforce: baseline That will allow the catalog-source-operator to create the needed pods for the catalog sources. Again, this is only a workaround, and will only be viable if this complies with your security policies. |
Big thanks to @LaloLoop for sharing this awesome hack that's doing the trick. Still, thinking long-term and wanting a sturdy fix, I'm leaning towards getting the ArgoCD installation procedure in sync with OLM's default security level. Would it be possible to find out if there's a go-to person on the ArgoCD team responsible for this development? |
I found the very same issue with operator |
Hi @fjammes, thanks for reporting the issue. I will take a look at it. |
Describe the bug
Installing ArgoCD using this documentation https://argocd-operator.readthedocs.io/en/latest/install/olm/ lead to error below:
To Reproduce
Steps to reproduce the behavior:
Expected behavior
A clear and concise description of what you expected to happen.
The pod
argocd-catalog-zkdkw
should be created with a restricted PodSecurity in order to be compliant with theolm
namespace PodSecurity level.Additional context
The text was updated successfully, but these errors were encountered: