Implement missing security context for nginx container

This change adds security context template at pod/container level

Change-Id: I2fbff7b3325f4b6dd98d9299b0daf9e230ece9ae
PrateekDodda 2020-09-01 10:04:47 -05:00 committed by Prateek Dodda
parent 56772fdbaa
commit 16b2c8dcc4
2 changed files with 4 additions and 0 deletions


@ -96,6 +96,7 @@ spec:
- name: nginx - name: nginx
{{ tuple $envAll "nginx" | include "helm-toolkit.snippets.image" | indent 10 }} {{ tuple $envAll "nginx" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.nginx | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.nginx | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "glance" "container" "nginx" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
ports: ports:
- name: g-api - name: g-api
containerPort: {{ tuple "image" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} containerPort: {{ tuple "image" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}


@ -845,6 +845,9 @@ pod:
glance_api: glance_api:
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
nginx:
readOnlyRootFilesystem: false
runAsUser: 0
glance_registry: glance_registry:
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
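Review bot: The new `nginx` entry runs the container as UID 0 with a writable root filesystem and, unlike the neighbouring `glance_api` and `glance_registry` entries, does not set `allowPrivilegeEscalation: false`. The reason nginx needs root is not visible in this change; if it is only needed at start-up, add `allowPrivilegeEscalation: false` beside `runAsUser: 0` and a comment above the entry such as `# nginx runs as root because <reason>; revisit once it can run unprivileged`. The writable root filesystem could probably be avoided by mounting emptyDir volumes on the paths nginx writes to, which would allow `readOnlyRootFilesystem: true`, but that needs a template change outside this hunk.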