Skip to content

Remove seccompProfile from trainer deployment securityContext #3293

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
juliusvonkohout wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Remove seccompProfile from trainer deployment securityContext #3293

juliusvonkohout wants to merge 2 commits into from

Conversation

@juliusvonkohout
Copy link
Member

@juliusvonkohout juliusvonkohout commented Dec 2, 2025
edited
Loading

@google-oss-prow google-oss-prow bot requested a review from kimwnasptd December 2, 2025 13:50
@google-oss-prow google-oss-prow bot added size/S and removed size/XS labels Dec 2, 2025
andreyvelich
andreyvelich reviewed Dec 2, 2025
View reviewed changes
Copy link
Member

@andreyvelich andreyvelich left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @juliusvonkohout!
/lgtm
/approve

@google-oss-prow google-oss-prow bot added the lgtm label Dec 2, 2025
@google-oss-prow
Copy link

google-oss-prow bot commented Dec 2, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: andreyvelich
Once this PR has been reviewed and has the lgtm label, please ask for approval from juliusvonkohout. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@juliusvonkohout
Copy link
Member Author

juliusvonkohout commented Dec 2, 2025

Warning FailedCreate replicaset/kubeflow-trainer-controller-manager-756f4958bf (combined from similar events): Error creating: pods "kubeflow-trainer-controller-manager-756f4958bf-ws5cz" is forbidden: violates PodSecurity "restricted:latest": seccompProfile (pod or containers "istio-validation", "istio-proxy" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")

@akorolyov
Copy link

akorolyov commented Dec 2, 2025

@andreyvelich I have the same problem with katib-ui

Error creating: pods "katib-ui-6984bb767d-h6w5f" is forbidden: violates PodSecurity "restricted:latest": seccompProfile (pod or containers "istio-validation", "istio-proxy" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")

@juliusvonkohout
Copy link
Member Author

juliusvonkohout commented Dec 2, 2025

Warning FailedCreate replicaset/kubeflow-trainer-controller-manager-756f4958bf (combined from similar events): Error creating: pods "kubeflow-trainer-controller-manager-756f4958bf-ws5cz" is forbidden: violates PodSecurity "restricted:latest": seccompProfile (pod or containers "istio-validation", "istio-proxy" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")

That means right now the patch is still needed at the pod level and should be upstreamed to katib.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@andreyvelich andreyvelich andreyvelich left review comments

@kimwnasptd kimwnasptd Awaiting requested review from kimwnasptd

Assignees

@andreyvelich andreyvelich

Labels

lgtm size/S

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@juliusvonkohout @akorolyov @andreyvelich