In our Kubernetes setup, we set the namespaces to use the “Restricted” level of security (Pod Security Standards | Kubernetes).
With this level of security, containers must run with a securityContext equivalent to:
```yaml
securityContext:
  runAsUser: 1001
  runAsNonRoot: true
  capabilities:
    drop:
      - ALL
  allowPrivilegeEscalation: false
  seccompProfile:
    type: RuntimeDefault
```
Currently, according to the okteto docs (Okteto Manifest | Okteto Documentation), “allowPrivilegeEscalation” and “seccompProfile” are not supported.
This yields the following error message when attempting “okteto up”:
```
x Couldn't activate your development container
allowPrivilegeEscalation != false (containers "okteto-bin", "okteto-init-volume" must set securityContext.allowPrivilegeEscalation=false), seccompProfile (pod or containers "okteto-bin", "okteto-init-volume" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
```
Would it be possible to add support for these options?
Thanks!
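As an added example (not part of the original post and not Okteto or Kubernetes code), the sketch below checks each container of a pod spec against the four Restricted-profile fields shown in the securityContext above, so a manifest can be screened before the admission controller rejects it. The function name, the sample pod and the `dev` container are assumptions, and the check is a simplified subset of the Restricted profile.

```python
# Simplified, per-container check of four Restricted-profile requirements.
# Assumption: a container-level value takes precedence over the pod-level one.
ALLOWED_SECCOMP = {"RuntimeDefault", "Localhost"}

# Constructed pod spec (not real Okteto output): the two container names come
# from the error message; "dev" is a hypothetical fully compliant container.
PARTIAL = {"runAsUser": 1001, "runAsNonRoot": True,
           "capabilities": {"drop": ["ALL"]}}
FULL = dict(PARTIAL, allowPrivilegeEscalation=False,
            seccompProfile={"type": "RuntimeDefault"})
SAMPLE_POD = {"spec": {
    "initContainers": [{"name": "okteto-bin", "securityContext": PARTIAL},
                       {"name": "okteto-init-volume", "securityContext": PARTIAL}],
    "containers": [{"name": "dev", "securityContext": FULL}],
}}


def restricted_violations(pod):
    """Return {container_name: [violation labels]} for non-compliant containers."""
    spec = pod["spec"]
    pod_sc = spec.get("securityContext") or {}
    pod_seccomp = (pod_sc.get("seccompProfile") or {}).get("type")
    result = {}
    for key in ("initContainers", "containers", "ephemeralContainers"):
        for c in spec.get(key) or []:
            sc = c.get("securityContext") or {}
            issues = []
            # Must be set explicitly to false on every container.
            if sc.get("allowPrivilegeEscalation") is not False:
                issues.append("allowPrivilegeEscalation != false")
            # May be inherited from the pod-level securityContext.
            seccomp = (sc.get("seccompProfile") or {}).get("type", pod_seccomp)
            if seccomp not in ALLOWED_SECCOMP:
                issues.append("seccompProfile")
            if "ALL" not in ((sc.get("capabilities") or {}).get("drop") or []):
                issues.append("capabilities.drop lacks ALL")
            if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
                issues.append("runAsNonRoot != true")
            if issues:
                result[c["name"]] = issues
    return result


if __name__ == "__main__":
    for name, issues in restricted_violations(SAMPLE_POD).items():
        print(f"{name}: {', '.join(issues)}")
```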