Commit 404c827
fix(sandbox): add missing PodSecurity restricted:latest fields

Sandbox pods for analysis/execution fail to start on clusters
enforcing the restricted Pod Security Standard (default for
openshift-* namespaces). Add runAsNonRoot and seccompProfile
at both pod and container level in podspec_builder.go and
bootstrap.go, matching the pattern already used by the console
plugin reconciler.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

1 parent c8d785b commit 404c827
2 files changed
Lines changed: 18 additions & 2 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
51 | 51 | | |
52 | 52 | | |
53 | 53 | | |
| 54 | + | |
54 | 55 | | |
| 56 | + | |
55 | 57 | | |
56 | 58 | | |
57 | 59 | | |
| |||
124 | 126 | | |
125 | 127 | | |
126 | 128 | | |
127 | | - | |
128 | | - | |
| 129 | + | |
| 130 | + | |
| 131 | + | |
| 132 | + | |
| 133 | + | |
| 134 | + | |
129 | 135 | | |
130 | 136 | | |
131 | 137 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
103 | 103 | | |
104 | 104 | | |
105 | 105 | | |
| 106 | + | |
| 107 | + | |
| 108 | + | |
| 109 | + | |
| 110 | + | |
| 111 | + | |
106 | 112 | | |
107 | 113 | | |
108 | 114 | | |
| |||
116 | 122 | | |
117 | 123 | | |
118 | 124 | | |
| 125 | + | |
119 | 126 | | |
120 | 127 | | |
121 | 128 | | |
| 129 | + | |
| 130 | + | |
| 131 | + | |
122 | 132 | | |
123 | 133 | | |
124 | 134 | | |
| |||