openstack/openstack-helm
Code Issues Proposed changes

Fix placement of privilege escalation in Glance.

Browse Source 
In a previous patch set (https://review.openstack.org/#/c/629300/),
the "allowPrivilegeEscalation" flag was set to false for one of the
init containers, but it was intended to be used for the glance-api
container.

Change-Id: If2d83d82a720d7a1a39729bbf3bddc226af3ba20
This commit is contained in:
Cliff Parsons 2019-03-06 16:19:51 -06:00 committed by Chris Wedgwood
parent 00fff1d274
commit d0a93d3370
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
glance/templates/deployment-api.yaml
View File

@ -71,8 +71,6 @@ spec:
{{ if eq .Values.storage "rbd" }} {{ if eq .Values.storage "rbd" }}
- name: ceph-keyring-placement - name: ceph-keyring-placement
{{ tuple $envAll "glance_api" | include "helm-toolkit.snippets.image" | indent 10 }} {{ tuple $envAll "glance_api" | include "helm-toolkit.snippets.image" | indent 10 }}
securityContext:
allowPrivilegeEscalation: false
env: env:
- name: RBD_STORE_USER - name: RBD_STORE_USER
value: {{ .Values.conf.glance.glance_store.rbd_store_user | quote }} value: {{ .Values.conf.glance.glance_store.rbd_store_user | quote }}
@ -94,6 +92,8 @@ spec:
- name: glance-api - name: glance-api
{{ tuple $envAll "glance_api" | include "helm-toolkit.snippets.image" | indent 10 }} {{ tuple $envAll "glance_api" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
allowPrivilegeEscalation: false
command: command:
- /tmp/glance-api.sh - /tmp/glance-api.sh
- start - start