Ceph-client: Fix security context for pod/container

This changes the user from root to the nobody user instead in ceph-client chart wherever needed Change-Id: I4c56b97f85093bbbaaef617f1981f67215a8bc00
2019-05-28 11:13:18 -05:00 · 2019-05-28 11:13:18 -05:00 · 789fa7a4e5
commit 789fa7a4e5
parent 630efb7fb0
1 changed files with 14 additions and 6 deletions
--- a/ceph-client/values.yaml
+++ b/ceph-client/values.yaml
@ -56,43 +56,51 @@ pod:
  security_context:
    checkdns:
      pod:
-        runAsUser: 0
+        runAsUser: 65534
      container:
        checkdns:
+          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
    mds:
      pod:
-        runAsUser: 0
+        runAsUser: 65534
      container:
        init_dirs:
+          runAsUser: 0
          readOnlyRootFilesystem: true
        mds:
+          runAsUser: 0
          readOnlyRootFilesystem: true
    mgr:
      pod:
-        runAsUser: 0
+        runAsUser: 65534
      container:
        init_dirs:
+          runAsUser: 0
          readOnlyRootFilesystem: true
        mgr:
+          runAsUser: 0
          readOnlyRootFilesystem: true
    bootstrap:
      pod:
-        runAsUser: 0
+        runAsUser: 65534
      container:
        bootstrap:
+          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
    rbd_pool:
      pod:
-        runAsUser: 0
+        runAsUser: 65534
      container:
        rbd_pool:
+          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
    test:
      pod:
-        runAsUser: 0
+        runAsUser: 65534
      container:
        test:
+          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
  dns_policy: "ClusterFirstWithHostNet"
  replicas: