[Bug]: conversion not working for kyverno #316

Open
antonchernyaev opened this issue Sep 14, 2023 · 2 comments
Labels
bug Something isn't working triage Triage

Comments

@antonchernyaev

What happened?

The PSP is:

apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
spec:
  allowPrivilegeEscalation: false
  fsGroup:
    ranges:
    - max: 65535
      min: 1
    rule: MustRunAs
  runAsUser:
    rule: MustRunAsNonRoot
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    ranges:
    - max: 65535
      min: 1
    rule: MustRunAs
  volumes:
  - configMap
  - emptyDir
  - projected
  - secret
  - downwardAPI
  - persistentVolumeClaim

What policy engine were you generating policy for

No response

Relevant log output

cat vault-injector.yaml | ~/psp-migration-linux-x64 -e kyverno
/snapshot/psp-migration/dist/kyverno.js:234
        let securityContext = { securityContext: { runAsUser: `>=${PSP.spec.runAsUser.ranges[0].min} & <=${PSP.spec.runAsUser.ranges[0].max}` } };
                                                                                            ^

TypeError: Cannot read properties of undefined (reading '0')
    at transform_kyverno (/snapshot/psp-migration/dist/kyverno.js:234:93)
    at transform (/snapshot/psp-migration/dist/index.js:41:48)
    at Object.<anonymous> (/snapshot/psp-migration/dist/run.js:45:43)
    at Module._compile (pkg/prelude/bootstrap.js:1930:22)
    at Object.Module._extensions..js (node:internal/modules/cjs/loader:1159:10)
    at Module.load (node:internal/modules/cjs/loader:981:32)
    at Function.Module._load (node:internal/modules/cjs/loader:822:12)
    at Function.runMain (pkg/prelude/bootstrap.js:1983:12)
    at node:internal/main/run_main_module:17:47
antonchernyaev added the bug (Something isn't working) and triage (Triage) labels on Sep 14, 2023
@antonchernyaev
Author

Also, if I add a range, I do not see run-as-non-root in the Kyverno policies. For example, it should look like the doc example:
https://kyverno.io/policies/pod-security/restricted/require-run-as-nonroot/require-run-as-nonroot/

@antonchernyaev
Author

Also need to change:
Unsupported value: "Enforce": supported values: "audit", "enforce"
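
The stack trace above comes from reading `PSP.spec.runAsUser.ranges[0]` while the reported PSP uses `rule: MustRunAsNonRoot`, which carries no `ranges`. The following is an added example, not code from psp-migration or from the issue author: a hypothetical helper, `runAsUserPatterns`, that branches on `rule` before touching `ranges`. The returned pattern shapes are simplified assumptions (pod-level `securityContext` only, one alternative per range).

```javascript
// Added example: hypothetical helper, not part of psp-migration.
// Maps PSP spec.runAsUser to a list of alternative pod-level patterns.
// An empty list means "no constraint to emit".
function runAsUserPatterns(psp) {
  const runAsUser = psp && psp.spec ? psp.spec.runAsUser : undefined;
  if (!runAsUser || runAsUser.rule === 'RunAsAny') {
    return [];
  }
  if (runAsUser.rule === 'MustRunAsNonRoot') {
    // This rule has no ranges in a PSP, so never index into them here.
    return [{ securityContext: { runAsNonRoot: true } }];
  }
  if (runAsUser.rule === 'MustRunAs') {
    const ranges = Array.isArray(runAsUser.ranges) ? runAsUser.ranges : [];
    if (ranges.length === 0) {
      // Fail with a readable message instead of a TypeError deep in the transform.
      throw new Error('spec.runAsUser.rule is MustRunAs but no ranges are defined');
    }
    // Same ">=min & <=max" expression as the line shown in the stack trace,
    // emitted once per range so that every range is represented.
    return ranges.map((r) => ({
      securityContext: { runAsUser: `>=${r.min} & <=${r.max}` },
    }));
  }
  throw new Error(`Unsupported spec.runAsUser.rule: ${runAsUser.rule}`);
}

// Constructed sample inputs, reduced from the PSP in the report.
const nonRootPsp = { spec: { runAsUser: { rule: 'MustRunAsNonRoot' } } };
const rangedPsp = {
  spec: { runAsUser: { rule: 'MustRunAs', ranges: [{ min: 1, max: 65535 }] } },
};

console.log(JSON.stringify(runAsUserPatterns(nonRootPsp)));
console.log(JSON.stringify(runAsUserPatterns(rangedPsp)));
```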
