I have successfully created a PodSecurityPolicy, CluserRole and a ClusterRoleBinding on GKE. I am now trying to use OpenLDap from here. Without my PodSecurityPolicy installed on the k8s cluster, the helm installation of this OpenLDap works fine.
However when i install the PSP, and i try to install the OpenLDap, i the container stays in a CrashLoopBackOff state.
I am aware than openldap requires connection to ldapPort: and 389 sslLdapPort: 636 and i am aware that those are privileged ports. I already tried changing my just the privileged setting in the psp yaml to true, that did not work.
PodSecurityPolicy yaml
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: test-psp
spec:
privileged: false
allowPrivilegeEscalation: false
defaultAllowPrivilegeEscalation: false
allowedCapabilities:
- NET_ADMIN
- NET_RAW
defaultAddCapabilities: []
requiredDropCapabilities:
- ALL
hostPID: false
hostIPC: false
hostNetwork: false
# requiredDropCapabilities: false
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
runAsUser:
rule: RunAsAny
fsGroup:
rule: RunAsAny
volumes:
- '*'
ClusterRole
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: test-cluster-role
rules:
- apiGroups:
- policy
resources:
- podsecuritypolicies
verbs:
- use
resourceNames:
- test-psp
ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: test-role-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: test-cluster-role
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: system:serviceaccounts
when i do a describe on the openldap pod, i get Back-off restarting failed container what could i be doing wrong here thats stopping the openldap to run.