Skip to content

Default regular Agent Deployments to satisfy restricted Pod Security #2244

Description

@CouscousPie

Problem

Regular Agent resources (kagent.dev/v1alpha2) created through the kagent UI/CLI can render Deployments whose pod templates omit security context defaults required by Kubernetes Pod Security Standards restricted admission.

On a cluster enforcing restricted:latest, the generated agent pods are rejected before startup. Example admission failure from a Declarative Python agent:

violates PodSecurity "restricted:latest":
allowPrivilegeEscalation != false
unrestricted capabilities (container "kagent" must set securityContext.capabilities.drop=["ALL"])
runAsNonRoot != true
seccompProfile must be RuntimeDefault or Localhost

The installed kagent control-plane workloads are already compliant, for example the controller pod has:

securityContext:
  runAsNonRoot: true
  seccompProfile:
    type: RuntimeDefault
containers:
- name: controller
  securityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop:
      - ALL
    readOnlyRootFilesystem: true

But controller-created Agent Deployments can render like this:

spec:
  template:
    spec:
      securityContext: {}
      containers:
      - name: kagent
        # no container securityContext

As a result, newly created agents from the GUI/CLI are accepted at the kagent CRD level but never become ready on restricted clusters.

Reproducer

Create a regular declarative agent in a namespace enforcing restricted Pod Security:

kubectl label ns kagent pod-security.kubernetes.io/enforce=restricted --overwrite

Then create a basic Agent through the UI/CLI, or apply a minimal CR:

apiVersion: kagent.dev/v1alpha2
kind: Agent
metadata:
  name: pss-restricted-test
  namespace: kagent
spec:
  type: Declarative
  description: PSS restricted smoke test
  declarative:
    modelConfig: default-model-config
    runtime: python
    systemMessage: "smoke test"

The controller creates a Deployment, but the ReplicaSet cannot create pods because the generated pod template does not meet PSS restricted requirements.

Workaround

Adding the deployment security settings to the Agent CR works:

spec:
  declarative:
    deployment:
      podSecurityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop:
          - ALL
        runAsNonRoot: true

For BYO agents, the same shape is available under:

spec:
  byo:
    deployment:
      podSecurityContext: ...
      securityContext: ...

This is accepted by the installed v1alpha2 CRD and is enough for the generated Deployment to satisfy restricted admission.

Requested feature

Please make regular UI/CLI-created Agent resources PSS-restricted-compatible by default.

Potential approaches:

  1. Add default security context fields to Agent creation payloads in the UI and CLI.
  2. Extend controller.agentDeployment Helm defaults to include podSecurityContext and securityContext, and have the controller apply those defaults when an Agent omits them.
  3. Apply built-in controller defaults matching the already-compliant kagent control-plane chart defaults.

Suggested default:

podSecurityContext:
  runAsNonRoot: true
  seccompProfile:
    type: RuntimeDefault
securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL
  runAsNonRoot: true

readOnlyRootFilesystem: true would be nice as a harder default only if the agent runtime image supports it without requiring writable root paths. The minimal request here is to pass Kubernetes PSS restricted admission.

Related issue

Related but not identical to #1900, which covers SandboxAgent runtime identity. This request is for regular Agent resources rendered into Deployments by the kagent controller.

Environment

  • kagent chart/app: 0.9.11
  • CRD: kagent.dev/v1alpha2
  • Kubernetes: cluster enforcing Pod Security Standards restricted:latest

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    Status
    Backlog

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions