Error 'Container delay-start must set securityContext.allowPrivilegeEscalation=false' when deploying vFunction Server on Kubernetes via Helm Charts

Overview of the Issue
Steps to Resolve the Issue

Overview of the Issue

This issue occurs in the following circumstances:

An organization runs the install.sh script to install the vFunction Server in a Kubernetes Cluster via Helm Charts
The installation fails with the following error:

client.go:144: 2025-07-28 15:23:08.132283058 +0000 UTC m=+19.034515166 [debug] creating 1 resource(s)
I0728 15:23:08.155433     215 warnings.go:110] "Warning: would violate PodSecurity \"restricted:latest\": allowPrivilegeEscalation != false (container \"delay-start\" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container \"delay-start\" must set securityContext.capabilities.drop=[\"ALL\"]), runAsNonRoot != true (pod or container \"delay-start\" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container \"delay-start\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")"

Steps to Resolve the Issue

Take the following steps to resolve this issue:

On the Linux VM with access to the Kubernetes Cluster via Kubectl, open the installation.yaml

cd vfunction-server-for-kubernetes
vi config/installation.yaml

Disable the Busybox Containers that manage the startup timing of the Pods in the Cluster

server:
  ...
  security:
    disable_busybox_containers: "Yes"

Run the installation script again

### Replace $NAMESPACE with the actual value
bash install.sh -n $NAMESPACE

Updated on 29 Jul 2025