I understand, as we can easily build our own modified image without the
extra capability, we're not blocked by this.
Thanks for considering it, anyway!
On Tue, Jul 20, 2021 at 9:30 AM Ashesh Vashi
wrote:
>
>
>
> On Tue, Jul 20, 2021 at 1:43 PM Dave Page wrote:
>
>> Hi
>>
>> On Mon, Jul 19, 2021 at 8:53 PM Albert Serrallé <
>> albert.serra...@adevinta.com> wrote:
>>
>>> Hello all,
>>>
>>> I'm trying to run pgadmin in a Kubernetes cluster with en
On Tue, Jul 20, 2021 at 1:43 PM Dave Page wrote:
> Hi
>
> On Mon, Jul 19, 2021 at 8:53 PM Albert Serrallé <
> albert.serra...@adevinta.com> wrote:
>
>> Hello all,
>>
>> I'm trying to run pgadmin in a Kubernetes cluster with enforced Pod
>> Security Policies. Long story short, in the cluster, *non
Maybe have a separated Dockerfile for unprivileged setups? Does it make
sense? Maybe with an extra validation of settings in the entrypoint.sh.
Nginx does something like that:
https://github.com/nginxinc/docker-nginx-unprivileged
On Tue, 20 Jul 2021 at 10:12, Dave Page wrote:
> Hi
>
> On Mon, J
Hi
On Mon, Jul 19, 2021 at 8:53 PM Albert Serrallé <
albert.serra...@adevinta.com> wrote:
> Hello all,
>
> I'm trying to run pgadmin in a Kubernetes cluster with enforced Pod
> Security Policies. Long story short, in the cluster, *none* of the Linux
> capabilities are allowed.
>
> The Dockerfile
Hello all,
I'm trying to run pgadmin in a Kubernetes cluster with enforced Pod
Security Policies. Long story short, in the cluster, *none* of the Linux
capabilities are allowed.
The Dockerfile enables this for the python exec:
setcap CAP_NET_BIND_SERVICE=+eip /usr/bin/python3.8 && \
>
So the en
