You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
time="2024-09-16T17:14:27Z" level=error msg="Namespace wordpress, resource restore error: error restoring pods/wordpress/wordpress-845697cddc-pcpqw: pods \"wordpress-845697cddc-pcpqw\" is forbidden: violates PodSecurity \"restricted:latest\": allowPrivilegeEscalation != false (container \"restore-wait\" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container \"restore-wait\" must set securityContext.capabilities.drop=[\"ALL\"]), runAsNonRoot != true (pod or container \"restore-wait\" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container \"restore-wait\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")" logSource="pkg/controller/restore_controller.go:580" restore=velero/restore-from-bl-dev-01
time="2024-09-16T17:14:27Z" level=error msg="Namespace wordpress, resource restore error: error restoring pods/wordpress/wordpress-mariadb-0: pods \"wordpress-mariadb-0\" is forbidden: violates PodSecurity \"restricted:latest\": allowPrivilegeEscalation != false (container \"restore-wait\" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container \"restore-wait\" must set securityContext.capabilities.drop=[\"ALL\"]), runAsNonRoot != true (pod or container \"restore-wait\" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container \"restore-wait\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")" logSource="pkg/controller/restore_controller.go:580" restore=velero/restore-from-bl-dev-01
The necessary SecurityContext should be added to the init container to not break the pod security policy.
Environment:
Velero version (use velero version):
Velero features (use velero client config get features):
Kubernetes version (use kubectl version):
Kubernetes installer & version:
Cloud provider or hardware configuration:
OS (e.g. from /etc/os-release):
Vote on this issue!
This is an invitation to the Velero community to vote on issues, you can see the project's top voted issues listed here.
Use the "reaction smiley face" up to the right of this comment to vote.
👍 for "I would like to see this bug fixed as soon as possible"
👎 for "There are more important bugs to focus on right now"
The text was updated successfully, but these errors were encountered:
IMO, the data mover's intermediate pod is created in the Velero installed namespace.
There are some differences from the PodVolumeBackup scenario, we already applied the privileged PSA by default to it by velero install CLI.
Got the following error:
The necessary
SecurityContext
should be added to the init container to not break the pod security policy.Environment:
velero version
):velero client config get features
):kubectl version
):/etc/os-release
):Vote on this issue!
This is an invitation to the Velero community to vote on issues, you can see the project's top voted issues listed here.
Use the "reaction smiley face" up to the right of this comment to vote.
The text was updated successfully, but these errors were encountered: