Merge "Ingress: Add pod/container security context"

2019-06-06 11:53:11 +00:00 · 2019-06-06 11:53:11 +00:00 · 5245f04d4c
commit 5245f04d4c
parent 82291cfe0e a0d67a1117
1 changed files with 10 additions and 5 deletions
--- a/ingress/values.yaml
+++ b/ingress/values.yaml
@ -44,31 +44,36 @@ pod:
  security_context:
    error_pages:
      pod:
-        runAsUser: 0
+        runAsUser: 65534
      container:
        ingress_error_pages:
+          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
    server:
      pod:
-        runAsUser: 0
+        runAsUser: 65534
      container:
        ingress_vip_kernel_modules:
          capabilities:
            add:
              - SYS_MODULE
-          readOnlyRootFilesystem: false
+          allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
        ingress_vip_init:
          capabilities:
            add:
              - NET_ADMIN
-          readOnlyRootFilesystem: false
+          allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
        ingress:
+          runAsUser: 0
          readOnlyRootFilesystem: false
        ingress_vip:
          capabilities:
            add:
              - NET_ADMIN
-          readOnlyRootFilesystem: false
+          allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
  affinity:
    anti:
      type: