airship
/
armada
Code Issues Proposed changes

Implement Security Context for Armada 

Implement readOnlyRootFilesystem:true for init container

- Armada server deployment

Change-Id: Ifbc48bef07eab97c015b65a1941a526fc6a28c6d
This commit is contained in:
Prateek Dodda 2019-10-30 14:25:12 -05:00
parent 7ef4905c44
commit 430586927c
2 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
charts/armada/templates/deployment-api.yaml
View File

@ -118,6 +118,7 @@ spec:
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.api.timeout | default "30" }}
initContainers:
{{ tuple $envAll "api" $mounts_armada_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
{{ dict "envAll" $envAll "application" "armada" "container" "armada_api_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
containers:
- name: armada-api
{{ tuple $envAll "api" | include "helm-toolkit.snippets.image" | indent 10 }}

3
charts/armada/values.yaml
View File

@ -260,6 +260,9 @@ pod:
pod:
runAsUser: 65534
container:
armada_api_init:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
armada_api:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false