Keystone podSecurityContext
securitycontext with non-root user is implemented at pod level and leveraged the helm-toolkit snippet Fix for adding allowPrivilegeEscalation flag as a blanket policy on the pod in the keyston chart Depends-On: I95264c933b51e2a8e38f63faa1e239bb3c1ebfda Change-Id: I15333df4707948e50deb935ffc1ee599588e4788
This commit is contained in:
parent
502a7e9bb9
commit
085610523f
@ -45,6 +45,7 @@ spec:
|
||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
spec:
|
||||
{{ dict "envAll" $envAll "application" "keystone" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
affinity:
|
||||
{{ tuple $envAll "keystone" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
||||
@ -58,7 +59,7 @@ spec:
|
||||
{{ tuple $envAll "keystone_api" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
securityContext:
|
||||
runAsUser: {{ .Values.pod.user.keystone.uid }}
|
||||
allowPrivilegeEscalation: false
|
||||
command:
|
||||
- /tmp/keystone-api.sh
|
||||
- start
|
||||
|
Loading…
Reference in New Issue
Block a user