Implement missing security context for nginx container
This change adds security context template at pod/container level Change-Id: I2fbff7b3325f4b6dd98d9299b0daf9e230ece9ae
This commit is contained in:
parent
56772fdbaa
commit
16b2c8dcc4
@ -96,6 +96,7 @@ spec:
|
|||||||
- name: nginx
|
- name: nginx
|
||||||
{{ tuple $envAll "nginx" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "nginx" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.nginx | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.nginx | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
|
{{ dict "envAll" $envAll "application" "glance" "container" "nginx" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||||
ports:
|
ports:
|
||||||
- name: g-api
|
- name: g-api
|
||||||
containerPort: {{ tuple "image" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
containerPort: {{ tuple "image" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||||
|
@ -845,6 +845,9 @@ pod:
|
|||||||
glance_api:
|
glance_api:
|
||||||
readOnlyRootFilesystem: true
|
readOnlyRootFilesystem: true
|
||||||
allowPrivilegeEscalation: false
|
allowPrivilegeEscalation: false
|
||||||
|
nginx:
|
||||||
|
readOnlyRootFilesystem: false
|
||||||
|
runAsUser: 0
|
||||||
glance_registry:
|
glance_registry:
|
||||||
readOnlyRootFilesystem: true
|
readOnlyRootFilesystem: true
|
||||||
allowPrivilegeEscalation: false
|
allowPrivilegeEscalation: false
|
||||||
|
Loading…
Reference in New Issue
Block a user