From a0d67a11171ae70b2123c7a8ad1ed4ceced4d9b9 Mon Sep 17 00:00:00 2001
From: RAHUL KHIYANI
Date: Fri, 17 May 2019 00:22:11 -0500
Subject: [PATCH] Ingress: Add pod/container security context

This updates the etcd chart to include the pod security context on the pod template. This also adds the container security context to set readOnlyRootFilesystem to true

Change-Id: I9bf05ab5c21f9afbe269e1566cfecd20b3c086c0
---
 ingress/values.yaml | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/ingress/values.yaml b/ingress/values.yaml
index afcaf3624..b0a820718 100644
--- a/ingress/values.yaml
+++ b/ingress/values.yaml
@@ -44,31 +44,36 @@ pod:
 security_context:
 error_pages:
 pod:
- runAsUser: 0
+ runAsUser: 65534
 container:
 ingress_error_pages:
+ allowPrivilegeEscalation: false
 readOnlyRootFilesystem: true
 server:
 pod:
- runAsUser: 0
+ runAsUser: 65534
 container:
 ingress_vip_kernel_modules:
 capabilities:
 add:
 - SYS_MODULE
- readOnlyRootFilesystem: false
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
 ingress_vip_init:
 capabilities:
 add:
 - NET_ADMIN
- readOnlyRootFilesystem: false
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
 ingress:
+ runAsUser: 0
 readOnlyRootFilesystem: false
 ingress_vip:
 capabilities:
 add:
 - NET_ADMIN
- readOnlyRootFilesystem: false
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
 affinity:
 anti:
 type:
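Review bot: The `ingress` container is the one exception in this hunk: it gains a container-level `runAsUser: 0`, which overrides the new pod-level `runAsUser: 65534` for that container, keeps `readOnlyRootFilesystem: false`, and is the only container in the block that does not get `allowPrivilegeEscalation: false`, so the container that terminates external traffic ends up with the weakest settings. If root and a writable root filesystem are genuinely required there (presumably for binding privileged ports and the nginx reload path), record that next to the key, e.g. `# ingress controller needs root and a writable rootfs — TODO: document why / link tracking issue`, so the exemption is not read as an oversight by the next maintainer. Otherwise, adding `allowPrivilegeEscalation: false` to `ingress` keeps it consistent with its siblings without affecting the root-user decision. It is also worth confirming that `ingress_vip_init` and `ingress_vip` do not write anywhere under their root filesystem, since the switch to `readOnlyRootFilesystem: true` turns such a write into a runtime failure rather than a silent loss of hardening. The commit message describes the etcd chart, but the diff touches only ingress/values.yaml.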