openstack/openstack-helm-infra
Code Issues Proposed changes

Merge "Add missing security-context for elasticsearch-data and elasticsearch-master"

Browse Source
This commit is contained in:
Zuul 2020-07-16 23:37:34 +00:00 committed by Gerrit Code Review
commit 1ae18f2a86
3 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
elasticsearch/templates/statefulset-data.yaml
View File

@ -69,8 +69,7 @@ spec:
- name: elasticsearch-perms
{{ tuple $envAll "elasticsearch" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.prometheus | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
runAsUser: 0
{{ dict "envAll" $envAll "application" "data" "container" "elasticsearch_perms" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
command:
- chown
- -R

3
elasticsearch/templates/statefulset-master.yaml
View File

@ -68,8 +68,7 @@ spec:
- name: elasticsearch-perms
{{ tuple $envAll "elasticsearch" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.prometheus | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
runAsUser: 0
{{ dict "envAll" $envAll "application" "master" "container" "elasticsearch_perms" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
command:
- chown
- -R

4
elasticsearch/values.yaml
View File

@ -185,6 +185,8 @@ pod:
memory_map_increase:
privileged: true
readOnlyRootFilesystem: true
elasticsearch_perms:
readOnlyRootFilesystem: true
elasticsearch_master:
privileged: true
capabilities:
@ -217,6 +219,8 @@ pod:
memory_map_increase:
privileged: true
readOnlyRootFilesystem: true
elasticsearch_perms:
readOnlyRootFilesystem: true
elasticsearch_data:
privileged: true
capabilities: