Is there a way to create a Tekton EventListener with a securityContext? I can't seem to find anything about it in the documentation, and I can't run it in my environment because the EventListener status shows the following error:
Message: pods "el-github-listener-interceptor-7b89d546dd-m6rdz" is forbidden: violates PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "event-listener" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "event-listener" must set securityContext.capabilities.drop=["ALL"]), seccompProfile (pod or container "event-listener" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
My EventListener definition looks like this:

```yaml
apiVersion: triggers.tekton.dev/v1beta1
kind: EventListener
metadata:
  name: github-listener-interceptor
  namespace: tekton-pipelines
spec:
  serviceAccountName: sa-tekton-triggers
  triggers:
    - name: github-listener
      interceptors:
        - ref:
            name: "github"
          params:
            - name: "eventTypes"
              value: ["push"]
        - ref:
            name: cel
          params:
            - name: filter
              # execute only when ....
              value: extensions.changed_files.matches('src/')
      bindings:
        - ref: pipeline-reach-dashboard-binding
      template:
        ref: pipeline-reach-dashboard-template
```
I tried adding a securityContext block in every conceivable place, but no luck.
Thanks!
Update. It looks like this might be a bug:
https://github.com/tektoncd/pipeline/issues/5896
Moving the EventListener and trigger items to a namespace other than tekton-pipelines allowed me to work around the problem.
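The error in the question lists three PodSecurity "restricted" controls the event-listener container fails. As an added example, not code from the question or from the Tekton project, the script below re-implements those three checks over a pod spec and runs them against two constructed specs: one with no securityContext (as the rejected pod) and one carrying the settings the admission message asks for. The container name and image, and the pod dicts themselves, are constructed for illustration; the real restricted profile also enforces controls not modelled here (runAsNonRoot, allowed volume types, no host namespaces).

```python
"""Minimal re-implementation of the three PodSecurity "restricted" controls
named in the admission error, applied to constructed pod specs.
This is an illustrative helper, not the Kubernetes admission code."""

from typing import Any

ALLOWED_SECCOMP = {"RuntimeDefault", "Localhost"}


def restricted_violations(pod_spec: dict[str, Any]) -> list[str]:
    """Return the messages a restricted-profile admission would report for
    allowPrivilegeEscalation, capabilities and seccompProfile.
    An empty list means those three controls pass.
    allowPrivilegeEscalation and capabilities.drop are container-level only;
    seccompProfile may be set at pod level and is inherited unless a
    container overrides it."""
    violations: list[str] = []
    pod_sc = pod_spec.get("securityContext") or {}
    pod_seccomp = (pod_sc.get("seccompProfile") or {}).get("type")

    containers = list(pod_spec.get("containers", [])) + list(pod_spec.get("initContainers", []))
    for c in containers:
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext") or {}

        # Control 1: privilege escalation must be explicitly disabled.
        if sc.get("allowPrivilegeEscalation") is not False:
            violations.append(
                f'allowPrivilegeEscalation != false (container "{name}" must set '
                "securityContext.allowPrivilegeEscalation=false)"
            )

        # Control 2: drop ALL capabilities; only NET_BIND_SERVICE may be re-added.
        caps = sc.get("capabilities") or {}
        dropped = caps.get("drop") or []
        added = caps.get("add") or []
        if "ALL" not in dropped or any(a != "NET_BIND_SERVICE" for a in added):
            violations.append(
                f'unrestricted capabilities (container "{name}" must set '
                'securityContext.capabilities.drop=["ALL"])'
            )

        # Control 3: seccomp type RuntimeDefault or Localhost, from the
        # container or inherited from the pod.
        c_seccomp = (sc.get("seccompProfile") or {}).get("type")
        effective = c_seccomp if c_seccomp is not None else pod_seccomp
        if effective not in ALLOWED_SECCOMP:
            violations.append(
                f'seccompProfile (pod or container "{name}" must set '
                'securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")'
            )
    return violations


# Constructed spec resembling the rejected event-listener pod: no securityContext at all.
UNHARDENED_POD = {
    "containers": [
        {"name": "event-listener", "image": "example/eventlistenersink:constructed"},
    ]
}

# Constructed spec with the settings the admission message requires.
HARDENED_POD = {
    "securityContext": {
        "runAsNonRoot": True,
        "seccompProfile": {"type": "RuntimeDefault"},
    },
    "containers": [
        {
            "name": "event-listener",
            "image": "example/eventlistenersink:constructed",
            "securityContext": {
                "allowPrivilegeEscalation": False,
                "capabilities": {"drop": ["ALL"]},
            },
        },
    ],
}


if __name__ == "__main__":
    for label, spec in (("unhardened", UNHARDENED_POD), ("hardened", HARDENED_POD)):
        found = restricted_violations(spec)
        print(f"{label}: {'OK' if not found else ''}")
        for msg in found:
            print("  -", msg)
```

Run it on a pod spec you have exported with `kubectl get pod ... -o json` (the `.spec` object) to see which of these three controls a namespace labelled `pod-security.kubernetes.io/enforce: restricted` would reject before you deploy; the three messages it produces match the wording in the EventListener status above.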