openstack/openstack-helm
Code Issues Proposed changes

Using htk for glance security policies

Browse Source 
Overriding the values in values.yaml

Change-Id: I52dd8b5513062242ad4f2c89bb4cc998dc5ef9c5
This commit is contained in:
pd2839 2019-07-01 12:50:01 -05:00
parent fd37d61b12
commit 9d72b805d0
2 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
glance/templates/deployment-api.yaml
View File

@ -57,9 +57,8 @@ spec:
{{ tuple $envAll "api" $mounts_glance_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
- name: glance-perms
{{ tuple $envAll "glance_api" | include "helm-toolkit.snippets.image" | indent 10 }}
securityContext:
runAsUser: 0
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "glance" "container" "glance_perms" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
command:
- chown
- -R
@ -73,6 +72,7 @@ spec:
{{ if eq .Values.storage "rbd" }}
- name: ceph-keyring-placement
{{ tuple $envAll "glance_api" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ dict "envAll" $envAll "application" "glance" "container" "ceph_keyring_placement" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
env:
- name: RBD_STORE_USER
value: {{ .Values.conf.glance.glance_store.rbd_store_user | quote }}

6
glance/values.yaml
View File

@ -818,6 +818,12 @@ pod:
pod:
runAsUser: 42424
container:
glance_perms:
readOnlyRootFilesystem: true
runAsUser: 0
ceph_keyring_placement:
readOnlyRootFilesystem: true
runAsUser: 0
glance_api:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false