It's against Security Standards as explained in [1].
"Using the hostPath volume type presents many security risks.
If you can avoid using a hostPath volume, you should."
It basically asks for the profile Privileged
"pod-security.kubernetes.io/enforce": "privileged"
[1] https://kubernetes.io/docs/concepts/storage/volumes/#hostpath
Change-Id: I89e35f11ab7917b904ac474401bf609ad9c5dd3d
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
count: {{ namespaces_count }}
with_serviceaccount: true
- - title: >-
- Run a single workload with create/read/check/delete pod with hostPath
- volume
- scenario:
- Kubernetes.create_and_delete_pod_with_hostpath_volume:
- image: {{ dockerhub_repo }}/busybox:1.28
- command:
- - sleep
- - "3600"
- mount_path: /opt/check
- check_cmd:
- - ls
- - /opt/check
- error_regexp: No such file
- volume_type: Directory
- volume_path: /tmp/
- runner:
- constant:
- concurrency: {{ concurrency }}
- times: {{ times }}
- contexts:
- namespaces:
- count: {{ namespaces_count }}
- with_serviceaccount: true
-
- title:
Run a single workload with create/read/delete pod with configMap volume
scenario:
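Review bot: the removed `Kubernetes.create_and_delete_pod_with_hostpath_volume` entry is deleted outright with nothing left in the task file to say why, so a later reader comparing results will see the hostPath scenario vanish with no explanation in the YAML itself. The removal is consistent with the commit message (the pod mounts the host's `/tmp/` via `volume_path: /tmp/`, which a namespace enforcing anything below the privileged profile would reject), but consider either leaving a short comment at this position pointing to the hostPath documentation cited in the commit message, or, since the file is already templated (`{{ concurrency }}`, `{{ times }}`, `{{ namespaces_count }}`), wrapping the block in a template condition that defaults to off so clusters that deliberately allow the privileged profile can still opt in. It is also worth confirming that no other task file still references this scenario, since only this one entry is visible in the hunk.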