Merge "Tiller: Add pod/container security context"

2019-04-16 18:27:03 +00:00 · 2019-04-16 18:27:03 +00:00 · 62ec05958a
commit 62ec05958a
parent 6b17525b93 76daa2e7df
2 changed files with 9 additions and 0 deletions
--- a/tiller/templates/deployment-tiller.yaml
+++ b/tiller/templates/deployment-tiller.yaml
@ -62,6 +62,7 @@ spec:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
    spec:
+{{ dict "envAll" $envAll "application" "tiller" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
      initContainers:
 {{ tuple $envAll "tiller" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
@ -82,6 +83,7 @@ spec:
          successThreshold: 1
          timeoutSeconds: 1
        name: tiller
+{{ dict "envAll" $envAll "application" "tiller" "container" "tiller" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 8 }}
        ports:
        - containerPort: 44134
          name: tiller
--- a/tiller/values.yaml
+++ b/tiller/values.yaml
@ -37,6 +37,13 @@ images:
      - image_repo_sync

 pod:
+  security_context:
+    tiller:
+      pod:
+        runAsUser: 65534
+      container:
+        tiller:
+          allowPrivilegeEscalation: false
  resources:
    enabled: false
    jobs: