Add security context from snippet for tungstenfabric container
Change-Id: I4db982e8f600288ec954d4c019f096bd8dcd7e52 Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
parent
afd68753c7
commit
0807ecb354
@ -210,8 +210,7 @@ spec:
|
|||||||
image: {{ .Values.images.tags.tf_compute_init }}
|
image: {{ .Values.images.tags.tf_compute_init }}
|
||||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.compute | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.compute | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
securityContext:
|
{{ dict "envAll" $envAll "application" "nova" "container" "tungstenfabric_compute_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||||
runAsUser: {{ .Values.pod.user.nova.uid }}
|
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: tf-plugin-shared
|
- name: tf-plugin-shared
|
||||||
mountPath: /opt/plugin
|
mountPath: /opt/plugin
|
||||||
|
@ -2346,6 +2346,9 @@ pod:
|
|||||||
nova_compute_init:
|
nova_compute_init:
|
||||||
readOnlyRootFilesystem: true
|
readOnlyRootFilesystem: true
|
||||||
runAsUser: 0
|
runAsUser: 0
|
||||||
|
tungstenfabric_compute_init:
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
ceph_perms:
|
ceph_perms:
|
||||||
readOnlyRootFilesystem: true
|
readOnlyRootFilesystem: true
|
||||||
runAsUser: 0
|
runAsUser: 0
|
||||||
|
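Review bot: The new `tungstenfabric_compute_init` entry sets `readOnlyRootFilesystem` and `allowPrivilegeEscalation` but no `runAsUser`, while the template hunk at -210 drops the explicit `runAsUser: {{ .Values.pod.user.nova.uid }}` from this container. Unless a pod-level security context (not visible on this page) supplies a UID, the init container will now run as the image's default user, which may be root. If the earlier behaviour is meant to be kept, add `runAsUser: <NOVA_UID>` (placeholder for the UID the chart already uses for nova) under `tungstenfabric_compute_init`. A short comment such as `# init container only writes to the tf-plugin-shared mount at /opt/plugin` would also record why a read-only root filesystem is expected to be safe here; that assumption should be confirmed against the image's entrypoint.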