Bug: Kubeslice runs with privileged permissions, we need a minimal set of permissions.

[gourishkb]

📜 Description

In openshift environment kubeslice cannot run as with privileged permissions, there needs to be minimal set of permissions to run kubeslice in openshift.

We can achieve this with a security context with a minimal set of permissions instead of running kubeslice with full privileged permissions.

This change will have to be applied in a number of KubeSlice components not just worker-operator.

👟 Reproduction steps

install kubeslice in openshift

👍 Expected behavior

It should run in openshift without privileged permissions out of the box.

👎 Actual Behavior

Fails to run kubeslice on openshift

🐚 Relevant log output

Version

No response

🖥️ What operating system are you seeing the problem on?

No response

✅ Proposed Solution

With a security context with a minimal set of permissions instead of running kubeslice with full privileged permissions.

This change will have to be applied in a number of KubeSlice components not just worker-operator.

👀 Have you spent some time to check if this issue has been raised before?

• I checked and didn't find any similar issue

Code of Conduct

• I agree to follow this project's Code of Conduct

[gourishkb]

Hey @Sumon009838 I have created this issue to track the OpenShift privileged permissions hindering kubeslice normal operation. Can you please add some error logs to add some more context ?

[Sumon009838]

I haven’t seen any errors in non-privileged mode, but the pod gets stuck in the init state. The cmd-nsc-init container hangs at https://github.com/kubeslice/cmd-nsc-init/blob/6ae3483ce5d7b0c14471e81fc346817be4abeacd/main.go#L139
with no error logs.