Merge "Ceph-client: Fix security context for pod/container"

2019-06-06 18:47:30 +00:00 · 2019-06-06 18:47:30 +00:00 · a3f4337952
commit a3f4337952
parent d3dec3d257 789fa7a4e5
1 changed files with 14 additions and 6 deletions
--- a/ceph-client/values.yaml
+++ b/ceph-client/values.yaml
@ -56,43 +56,51 @@ pod:
  security_context:
    checkdns:
      pod:
-        runAsUser: 0
+        runAsUser: 65534
      container:
        checkdns:
+          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
    mds:
      pod:
-        runAsUser: 0
+        runAsUser: 65534
      container:
        init_dirs:
+          runAsUser: 0
          readOnlyRootFilesystem: true
        mds:
+          runAsUser: 0
          readOnlyRootFilesystem: true
    mgr:
      pod:
-        runAsUser: 0
+        runAsUser: 65534
      container:
        init_dirs:
+          runAsUser: 0
          readOnlyRootFilesystem: true
        mgr:
+          runAsUser: 0
          readOnlyRootFilesystem: true
    bootstrap:
      pod:
-        runAsUser: 0
+        runAsUser: 65534
      container:
        bootstrap:
+          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
    rbd_pool:
      pod:
-        runAsUser: 0
+        runAsUser: 65534
      container:
        rbd_pool:
+          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
    test:
      pod:
-        runAsUser: 0
+        runAsUser: 65534
      container:
        test:
+          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
  dns_policy: "ClusterFirstWithHostNet"
  replicas: