Implement Security Context for Armada
Implement readOnlyRootFilesystem:true for init container - Armada server deployment Change-Id: Ifbc48bef07eab97c015b65a1941a526fc6a28c6d
This commit is contained in:
parent
7ef4905c44
commit
430586927c
|
@ -118,6 +118,7 @@ spec:
|
|||
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.api.timeout | default "30" }}
|
||||
initContainers:
|
||||
{{ tuple $envAll "api" $mounts_armada_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ dict "envAll" $envAll "application" "armada" "container" "armada_api_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||
containers:
|
||||
- name: armada-api
|
||||
{{ tuple $envAll "api" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
|
|
|
@ -260,6 +260,9 @@ pod:
|
|||
pod:
|
||||
runAsUser: 65534
|
||||
container:
|
||||
armada_api_init:
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
armada_api:
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
|
|
Loading…
Reference in New Issue