When using PSA restricted, one of the requirements is that you must set:

    capabilities:
      drop: ["ALL"]

Capabilities (v1.22+)
Containers must drop ALL capabilities, and are only permitted to add back the NET_BIND_SERVICE capability. This is Linux only policy in v1.25+ (.spec.os.name != "windows")
Please add a check for this:
https://kubernetes.io/docs/concepts/security/pod-security-standards/
/E
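
One way such a check could look, as an added example that is not part of the original issue or the project's own code: it takes a Pod manifest already parsed into a Python dict and reports every container that breaks the capabilities rule quoted above. The function name `capability_violations` and the sample manifests are constructed for illustration, and capability names are matched exactly as written in the standard.

```python
# Added example: the restricted-profile "Capabilities" rule applied to a
# Pod manifest that has already been parsed into a dict.
CONTAINER_FIELDS = ("containers", "initContainers", "ephemeralContainers")
ALLOWED_ADD = {"NET_BIND_SERVICE"}


def capability_violations(pod):
    """Return a list of violations; an empty list means the pod passes."""
    spec = pod.get("spec") or {}
    # Linux-only policy in v1.25+: skip pods with .spec.os.name == "windows".
    if (spec.get("os") or {}).get("name") == "windows":
        return []
    violations = []
    for field in CONTAINER_FIELDS:
        for c in spec.get(field) or []:
            where = f"{field}/{c.get('name', '<unnamed>')}"
            caps = (c.get("securityContext") or {}).get("capabilities") or {}
            # A missing or empty drop list fails: ALL must be dropped explicitly.
            if "ALL" not in (caps.get("drop") or []):
                violations.append(f"{where}: capabilities.drop must include ALL")
            extra = sorted(set(caps.get("add") or []) - ALLOWED_ADD)
            if extra:
                violations.append(f"{where}: capabilities.add not allowed: {', '.join(extra)}")
    return violations


# Constructed sample manifests.
GOOD_POD = {"spec": {"containers": [{
    "name": "web",
    "securityContext": {"capabilities": {"drop": ["ALL"], "add": ["NET_BIND_SERVICE"]}},
}]}}
BAD_POD = {"spec": {
    "initContainers": [{
        "name": "setup",
        "securityContext": {"capabilities": {"drop": ["ALL"], "add": ["NET_ADMIN"]}},
    }],
    "containers": [{"name": "app"}],  # no securityContext at all
}}
WINDOWS_POD = {"spec": {"os": {"name": "windows"}, "containers": [{"name": "iis"}]}}

if __name__ == "__main__":
    for label, pod in (("good", GOOD_POD), ("bad", BAD_POD), ("windows", WINDOWS_POD)):
        print(label, capability_violations(pod) or "ok")
```

Workload objects such as Deployments carry the Pod spec under `.spec.template`, so a caller would pass that template to the function.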