Support additional securityContext options

In our Kubernetes setup, we set the namespaces to use the “Restricted” level of security (Pod Security Standards | Kubernetes).

With this level of security, containers must run with a securityContext equivalent to:

securityContext:
  runAsUser: 1001
  runAsNonRoot: true
  capabilities:
    drop:
      - ALL
  allowPrivilegeEscalation: false
  seccompProfile:
    type: RuntimeDefault

Currently, according to the Okteto docs (Okteto Manifest | Okteto Documentation), “allowPrivilegeEscalation” and “seccompProfile” are not supported.

This yields the following error message when attempting “okteto up”:

 x  Couldn't activate your development container
    allowPrivilegeEscalation != false (containers "okteto-bin", "okteto-init-volume" must set securityContext.allowPrivilegeEscalation=false), seccompProfile (pod or containers "okteto-bin", "okteto-init-volume" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")

Would it be possible to add support for these options?

Thanks!

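Added example (not part of the original posts and not Okteto's or Kubernetes' code): a small Python pre-flight check for the securityContext fields listed in the post above, applied to init containers as well as regular ones. The function name, the `dev` container and the sample pod spec are constructed for illustration, and the check is a simplified subset of the Restricted profile.

```python
# Added example: checks a pod spec (as a dict) for the securityContext fields
# named in this thread. A simplified subset, not Kubernetes' admission code.
ALLOWED_SECCOMP = ("RuntimeDefault", "Localhost")

def restricted_violations(pod_spec):
    """Return {container_name: [problems]} for init and regular containers."""
    pod_sc = pod_spec.get("securityContext") or {}
    containers = (pod_spec.get("initContainers") or []) + (pod_spec.get("containers") or [])
    report = {}
    for c in containers:
        sc = c.get("securityContext") or {}
        problems = []
        # Container-level only; an unset field fails, it must be explicitly false.
        if sc.get("allowPrivilegeEscalation") is not False:
            problems.append("allowPrivilegeEscalation != false")
        # A container without its own profile inherits the pod-level one.
        seccomp = sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}
        if seccomp.get("type") not in ALLOWED_SECCOMP:
            problems.append("seccompProfile")
        # Container value overrides the pod-level value when present.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            problems.append("runAsNonRoot != true")
        if "ALL" not in ((sc.get("capabilities") or {}).get("drop") or []):
            problems.append("capabilities.drop lacks ALL")
        if problems:
            report[c["name"]] = problems
    return report

# Constructed sample: two init containers missing the two fields from the error
# message, plus one container carrying the full securityContext from the post.
FULL = {
    "runAsUser": 1001, "runAsNonRoot": True,
    "capabilities": {"drop": ["ALL"]},
    "allowPrivilegeEscalation": False,
    "seccompProfile": {"type": "RuntimeDefault"},
}
PARTIAL = {k: v for k, v in FULL.items()
           if k not in ("allowPrivilegeEscalation", "seccompProfile")}
SAMPLE_POD = {
    "initContainers": [{"name": "okteto-bin", "securityContext": PARTIAL},
                       {"name": "okteto-init-volume", "securityContext": PARTIAL}],
    "containers": [{"name": "dev", "securityContext": FULL}],
}

if __name__ == "__main__":
    for name, problems in restricted_violations(SAMPLE_POD).items():
        print(f"{name}: {', '.join(problems)}")
```

Setting `seccompProfile` at the pod level clears that finding for every container, but `allowPrivilegeEscalation` has no pod-level field, so each container, injected ones included, has to set it.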

Hey @dimeoa! To ensure we understand this: is the ask to let you define a custom securityContext, or for the init containers that Okteto creates to inherit the securityContext configuration from the existing deployment?

This will be available in version 2.12 of the Okteto CLI. You can try the beta today by downloading the binary from Release Okteto CLI [beta] - 2.12.0-beta.1 · okteto/okteto · GitHub