From 7f47169f80240a5ddac98f6ecc1da380e1ea5b7b Mon Sep 17 00:00:00 2001
From: RAHUL KHIYANI
Date: Fri, 17 May 2019 12:32:23 -0500
Subject: [PATCH] Rabbitmq: Add pod/container security context

This updates the rabbitmq chart to include the pod security context on the pod template. This also adds the container security context to set readOnlyRootFilesystem to true

Change-Id: I68aa4b49bf6301e1b1004a526151fa0ab4b197b4
---
 rabbitmq/values.yaml | 24 +++++++++++++++--------
 1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/rabbitmq/values.yaml b/rabbitmq/values.yaml
index f2868c7c7..a2aff860f 100644
--- a/rabbitmq/values.yaml
+++ b/rabbitmq/values.yaml
@@ -54,32 +54,38 @@ pod:
 runAsUser: 65534
 container:
 rabbitmq_exporter:
- readOnlyRootFilesystem: false
+ readOnlyRootFilesystem: true
 allowPrivilegeEscalation: false
 server:
 pod:
- runAsUser: 0
+ runAsUser: 999
 container:
 rabbitmq_password:
- readOnlyRootFilesystem: false
+ runAsUser: 0
+ readOnlyRootFilesystem: true
 rabbitmq_cookie:
- readOnlyRootFilesystem: false
+ runAsUser: 0
+ readOnlyRootFilesystem: true
 rabbitmq_perms:
- readOnlyRootFilesystem: false
+ runAsUser: 0
+ readOnlyRootFilesystem: true
 rabbitmq:
+ runAsUser: 0
 readOnlyRootFilesystem: false
 cluster_wait:
 pod:
- runAsUser: 0
+ runAsUser: 999
 container:
 rabbitmq_cluster_wait:
- readOnlyRootFilesystem: false
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
 test:
 pod:
- runAsUser: 0
+ runAsUser: 999
 container:
 rabbitmq_test:
- readOnlyRootFilesystem: false
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
 affinity:
 anti:
 type:
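Review bot: Under `server.container`, all four containers (`rabbitmq_password`, `rabbitmq_cookie`, `rabbitmq_perms`, `rabbitmq`) now carry an explicit `runAsUser: 0`, and because a container-level securityContext overrides the pod-level one in Kubernetes, the new pod-level `runAsUser: 999` has no effect on them and they still run as root. The main `rabbitmq` container also keeps `readOnlyRootFilesystem: false` and, unlike `rabbitmq_cluster_wait` and `rabbitmq_test`, gets no `allowPrivilegeEscalation: false`, so what appears to be the long-running broker container is the least hardened one after this change. I would add `allowPrivilegeEscalation: false` to each of the four server containers and keep `runAsUser: 0` only where root is really needed, with a comment such as `# root needed to fix ownership of the data volume` (presumably `rabbitmq_perms`; the templates are not visible here). The containers switched to `readOnlyRootFilesystem: true` will also need writable volume mounts for any path they write to, which should be confirmed against the pod templates.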