Red Hat Bugzilla – Bug 1459271
[RFE] [TD] SmartState Analysis and OpenSCAP Pod shouldn't need privileged permissions
Last modified: 2018-05-06 01:11:21 EDT
Description of problem:
We should drop the need for a privileged Pod to run SmartState Analysis and OpenSCAP.
This will deliver improved security and reliability (no interaction with the Node docker daemon).
On one side, the performance will increase (no interaction with docker daemon); on the other, we won't be able to leverage the local node image cache (in case the image was already local).
Also, this will allow scheduling and running inspection on infrastructure that does not allow privileged Pods (e.g. OpenShift/Kubernetes PaaS).
The relevant PR for this bug is now located at https://github.com/openshift/image-inspector/pull/58
Related PR on the manageiq side of things: https://github.com/ManageIQ/manageiq-providers-kubernetes/pull/50