Problem
Regular Agent resources (kagent.dev/v1alpha2) created through the kagent UI/CLI can render Deployments whose pod templates omit security context defaults required by Kubernetes Pod Security Standards restricted admission.
On a cluster enforcing restricted:latest, the generated agent pods are rejected before startup. Example admission failure from a Declarative Python agent:
violates PodSecurity "restricted:latest":
allowPrivilegeEscalation != false
unrestricted capabilities (container "kagent" must set securityContext.capabilities.drop=["ALL"])
runAsNonRoot != true
seccompProfile must be RuntimeDefault or Localhost
The installed kagent control-plane workloads are already compliant, for example the controller pod has:
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containers:
- name: controller
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
But controller-created Agent Deployments can render like this:
spec:
template:
spec:
securityContext: {}
containers:
- name: kagent
# no container securityContext
As a result, newly created agents from the GUI/CLI are accepted at the kagent CRD level but never become ready on restricted clusters.
Reproducer
Create a regular declarative agent in a namespace enforcing restricted Pod Security:
kubectl label ns kagent pod-security.kubernetes.io/enforce=restricted --overwrite
Then create a basic Agent through the UI/CLI, or apply a minimal CR:
apiVersion: kagent.dev/v1alpha2
kind: Agent
metadata:
name: pss-restricted-test
namespace: kagent
spec:
type: Declarative
description: PSS restricted smoke test
declarative:
modelConfig: default-model-config
runtime: python
systemMessage: "smoke test"
The controller creates a Deployment, but the ReplicaSet cannot create pods because the generated pod template does not meet PSS restricted requirements.
Workaround
Adding the deployment security settings to the Agent CR works:
spec:
declarative:
deployment:
podSecurityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsNonRoot: true
For BYO agents, the same shape is available under:
spec:
byo:
deployment:
podSecurityContext: ...
securityContext: ...
This is accepted by the installed v1alpha2 CRD and is enough for the generated Deployment to satisfy restricted admission.
Requested feature
Please make regular UI/CLI-created Agent resources PSS-restricted-compatible by default.
Potential approaches:
- Add default security context fields to Agent creation payloads in the UI and CLI.
- Extend
controller.agentDeployment Helm defaults to include podSecurityContext and securityContext, and have the controller apply those defaults when an Agent omits them.
- Apply built-in controller defaults matching the already-compliant kagent control-plane chart defaults.
Suggested default:
podSecurityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsNonRoot: true
readOnlyRootFilesystem: true would be nice as a harder default only if the agent runtime image supports it without requiring writable root paths. The minimal request here is to pass Kubernetes PSS restricted admission.
Related issue
Related but not identical to #1900, which covers SandboxAgent runtime identity. This request is for regular Agent resources rendered into Deployments by the kagent controller.
Environment
- kagent chart/app: 0.9.11
- CRD:
kagent.dev/v1alpha2
- Kubernetes: cluster enforcing Pod Security Standards
restricted:latest
Problem
Regular
Agentresources (kagent.dev/v1alpha2) created through the kagent UI/CLI can render Deployments whose pod templates omit security context defaults required by Kubernetes Pod Security Standardsrestrictedadmission.On a cluster enforcing
restricted:latest, the generated agent pods are rejected before startup. Example admission failure from aDeclarativePython agent:The installed kagent control-plane workloads are already compliant, for example the controller pod has:
But controller-created
AgentDeployments can render like this:As a result, newly created agents from the GUI/CLI are accepted at the kagent CRD level but never become ready on restricted clusters.
Reproducer
Create a regular declarative agent in a namespace enforcing restricted Pod Security:
Then create a basic
Agentthrough the UI/CLI, or apply a minimal CR:The controller creates a Deployment, but the ReplicaSet cannot create pods because the generated pod template does not meet PSS restricted requirements.
Workaround
Adding the deployment security settings to the
AgentCR works:For BYO agents, the same shape is available under:
This is accepted by the installed
v1alpha2CRD and is enough for the generated Deployment to satisfy restricted admission.Requested feature
Please make regular UI/CLI-created
Agentresources PSS-restricted-compatible by default.Potential approaches:
controller.agentDeploymentHelm defaults to includepodSecurityContextandsecurityContext, and have the controller apply those defaults when an Agent omits them.Suggested default:
readOnlyRootFilesystem: truewould be nice as a harder default only if the agent runtime image supports it without requiring writable root paths. The minimal request here is to pass Kubernetes PSSrestrictedadmission.Related issue
Related but not identical to #1900, which covers
SandboxAgentruntime identity. This request is for regularAgentresources rendered into Deployments by the kagent controller.Environment
kagent.dev/v1alpha2restricted:latest