Error with PodSecurity restricted

[Syndlex]

Hey Thanks for implementing this Operator:

We have the Following Problem:

Our Cluster is Setup with higher restriced PodSecurity.

So when I create a Valkey cluster i get this with my Pods:

create Pod keyval-0 in StatefulSet keyval failed error: pods "keyval-0" is forbidden: violates PodSecurity "restricted:latest":
allowPrivilegeEscalation != false (container "volume-permissions" must set securityContext.allowPrivilegeEscalation=false),
unrestricted capabilities (container "volume-permissions" must set securityContext.capabilities.drop=["ALL"]),
runAsNonRoot != true (pod or container "volume-permissions" must set securityContext.runAsNonRoot=true),
runAsUser=0 (container "volume-permissions" must not set runAsUser=0),
seccompProfile (pod or container "volume-permissions" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")

[dmolik]

this looks fixable I'll get to it in the next week or so. On an aside is this kyverno or OPA-Gatekeeper enforcing this?

[Syndlex]

Hey. Oh this is something within k8s itself. In this case Tanzu (the k8s distro we use) has set it up clusterwide. But you can set this on a per namespace base. Thanks for looking into it. Dan Molik ***@***.***> schrieb am Fr., 12. Sept. 2025, 01:59:

…

*dmolik* left a comment (hyperspike/valkey-operator#260) <#260 (comment)> this looks fixable I'll get to it in the next week or so. On an aside is this kyverno or OPA-Gatekeeper enforcing this? — Reply to this email directly, view it on GitHub <#260 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AENFNRCLFA6HAH4WWBS2QT33SIEELAVCNFSM6AAAAAB3WCL4YSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTEOBTGAYTOMJTHA> . You are receiving this because you authored the thread.Message ID: ***@***.***>