Add security context from snippet for tungstenfabric container

Change-Id: I4db982e8f600288ec954d4c019f096bd8dcd7e52
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
Andrii Ostapenko 2020-07-08 12:42:01 -05:00 committed by Andrii Ostapenko
parent afd68753c7
commit 0807ecb354
2 changed files with 4 additions and 2 deletions


@ -210,8 +210,7 @@ spec:
image: {{ .Values.images.tags.tf_compute_init }} image: {{ .Values.images.tags.tf_compute_init }}
imagePullPolicy: {{ .Values.images.pull_policy }} imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.compute | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.compute | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext: {{ dict "envAll" $envAll "application" "nova" "container" "tungstenfabric_compute_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
runAsUser: {{ .Values.pod.user.nova.uid }}
volumeMounts: volumeMounts:
- name: tf-plugin-shared - name: tf-plugin-shared
mountPath: /opt/plugin mountPath: /opt/plugin
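Review bot: Dropping `runAsUser: {{ .Values.pod.user.nova.uid }}` here means the container's user now comes only from the `tungstenfabric_compute_init` values entry, and the entry added in the values section sets `readOnlyRootFilesystem` and `allowPrivilegeEscalation` but no `runAsUser`. Unless the pod-level security context (not visible on this page) already sets the nova uid, the init container falls back to the image's default user, which may be root. To keep the previous behaviour, add `runAsUser: <nova uid, same value as pod.user.nova.uid>` to that entry, or add a comment there stating that the uid is deliberately inherited from the pod-level context. The container spec starts above this hunk, so the pod-level settings should be checked before merging.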


@ -2346,6 +2346,9 @@ pod:
nova_compute_init: nova_compute_init:
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
runAsUser: 0 runAsUser: 0
tungstenfabric_compute_init:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
ceph_perms: ceph_perms:
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
runAsUser: 0 runAsUser: 0