Feature Request
Describe the problem you need a feature to resolve.
The operator-sdk scorecard command recently got a new flag (--pod-security) to enable restricted pod security configurations on Scorecard test pods. Currently, Scorecard defaults to an untar image that runs as a root user:
operator-sdk/internal/cmd/operator-sdk/scorecard/cmd.go, lines 96 to 98 in 5cbdad9:

```go
scorecardCmd.Flags().StringVarP(&c.untarImage, "untar-image", "u",
	"registry.access.redhat.com/ubi8@sha256:910f6bc0b5ae9b555eb91b88d28d568099b060088616eba2867b07ab6ea457c7",
	"Untar image to be used by the Scorecard pod")
```
This results in PSA failures due to the container running as a root user instead of a non-root user when `--pod-security=restricted`.
Describe the solution you'd like.
Audit all default images used by Scorecard pods and make changes as needed to ensure that the images we are using will run as a non-root user by default.
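One way to run the audit requested above, as an added example that is not part of the original issue or of operator-sdk: a check of the `User` field in an image's OCI config, which is what the container runtime falls back to when the pod sets `runAsNonRoot: true` without a `runAsUser`. The function name `NonRootByDefault` and the sample configs are hypothetical; that Scorecard pods rely on the image's default user in this way is an assumption.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
	"strings"
)

// imageConfig holds the one field of an OCI image config that matters here.
type imageConfig struct {
	Config struct {
		User string `json:"User"`
	} `json:"config"`
}

// NonRootByDefault (hypothetical helper) reports whether the image's default
// user can be verified as non-root from its config alone, with a reason.
func NonRootByDefault(configJSON []byte) (bool, string) {
	var ic imageConfig
	if err := json.Unmarshal(configJSON, &ic); err != nil {
		return false, "unreadable image config: " + err.Error()
	}
	user, _, _ := strings.Cut(ic.Config.User, ":") // drop optional ":group"
	if user == "" {
		return false, "no User set, image defaults to root (UID 0)"
	}
	uid, err := strconv.ParseUint(user, 10, 32)
	if err != nil {
		// A user name cannot be proven non-root without the image's /etc/passwd.
		return false, fmt.Sprintf("User %q is a name, UID cannot be verified", user)
	}
	if uid == 0 {
		return false, "User is UID 0 (root)"
	}
	return true, fmt.Sprintf("User is UID %d", uid)
}

func main() {
	// Constructed sample configs, not taken from any real image.
	samples := [][2]string{
		{"no-user", `{"config":{}}`},
		{"root", `{"config":{"User":"0:0"}}`},
		{"named", `{"config":{"User":"nobody"}}`},
		{"non-root", `{"config":{"User":"1001:0"}}`},
	}
	for _, s := range samples {
		ok, why := NonRootByDefault([]byte(s[1]))
		fmt.Printf("%-9s nonRoot=%-5v %s\n", s[0], ok, why)
	}
}
```

The input is the image config JSON, for example the output of `skopeo inspect --config` for each default image. Images reported as a named user need a numeric `USER` in the image or an explicit `runAsUser` on the pod before they can pass a non-root check.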