Adding securityContext to container launched by worker

Summary

The user asks whether a securityContext can be added to the container launched by the worker, because an admission webhook denies the pod for a missing securityContext/supplementalGroups.


Question

Hi, is it possible to add a securityContext to the container launched by the worker? I get this: 4-10-18T10:16:07.352505000Z Caused by: io.temporal.failure.ApplicationFailure: message='Failure executing: POST at: .../namespaces/shared/pods. Message: admission webhook "validation.gatekeeper.sh" denied the request: [pods-allowed-user-ranges] Container call-heartbeat-server is attempting to run without a required securityContext/supplementalGroups. Allowed supplementalGroups: {"ranges": [{"max": 65535, "min": 1}], "rule": "MustRunAs"}.



This topic has been created from a Slack thread to give it more visibility.
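
A preflight check for the rule quoted in the denial above, as an added example that is not part of the original thread or any project's code: it approximates the MustRunAs supplementalGroups check with the parameters from the error message, and shows that the field has to be set on the pod-level securityContext. The pod specs, image name and function names are constructed for illustration.

```python
# Added example: approximates the supplementalGroups rule from the webhook denial.
# Parameters copied from the error message in the question.
ALLOWED = {"rule": "MustRunAs", "ranges": [{"min": 1, "max": 65535}]}


def in_ranges(gid, ranges):
    """True if gid falls inside at least one allowed range."""
    return any(r["min"] <= gid <= r["max"] for r in ranges)


def supplemental_groups_violations(pod, params=ALLOWED):
    """Return one message per container that the MustRunAs rule would reject."""
    if params["rule"] != "MustRunAs":
        return []  # only the rule quoted in the error is modelled here
    spec = pod.get("spec", {})
    # supplementalGroups exists only on the pod-level securityContext in the
    # Kubernetes API, so a container-level securityContext cannot satisfy it.
    groups = (spec.get("securityContext") or {}).get("supplementalGroups")
    if not groups:
        problem = "is missing spec.securityContext.supplementalGroups"
    else:
        bad = [g for g in groups if not in_ranges(g, params["ranges"])]
        if not bad:
            return []
        problem = f"uses supplementalGroups outside the allowed ranges: {bad}"
    return [f"Container {c['name']} {problem}" for c in spec.get("containers", [])]


def container(name, security_context=None):
    """Build a constructed container entry (image name is a placeholder)."""
    c = {"name": name, "image": "example.invalid/app:constructed"}
    if security_context:
        c["securityContext"] = security_context
    return c


# Constructed pod specs. The first sets only a container-level securityContext.
DENIED_POD = {"spec": {"containers": [
    container("call-heartbeat-server", {"runAsNonRoot": True})]}}
ROOT_GROUP_POD = {"spec": {"securityContext": {"supplementalGroups": [0]},
                           "containers": [container("call-heartbeat-server")]}}
ADMITTED_POD = {"spec": {"securityContext": {"supplementalGroups": [1000]},
                         "containers": [container("call-heartbeat-server")]}}

if __name__ == "__main__":
    for label, pod in (("denied", DENIED_POD), ("gid 0", ROOT_GROUP_POD),
                       ("admitted", ADMITTED_POD)):
        print(label, supplemental_groups_violations(pod) or "ok")
```
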

["securitycontext", "container", "worker", "admission-webhook", "supplementalgroups"]