override security context capabilities to values.yaml
Change-Id: I1120a4f5325172a8ece7d2ce8bb24706e28b319f
This commit is contained in:
parent
f899a11a06
commit
2dd543c841
|
@ -181,12 +181,6 @@ spec:
|
||||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.maas_ingress_vip | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.maas_ingress_vip | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
{{ dict "envAll" $envAll "application" "ingress" "container" "maas_ingress_vip_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
{{ dict "envAll" $envAll "application" "ingress" "container" "maas_ingress_vip_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||||
securityContext:
|
|
||||||
capabilities:
|
|
||||||
add:
|
|
||||||
- 'NET_ADMIN'
|
|
||||||
- 'SYS_MODULE'
|
|
||||||
runAsUser: 0
|
|
||||||
command:
|
command:
|
||||||
- /tmp/maas-vip-configure.sh
|
- /tmp/maas-vip-configure.sh
|
||||||
- start
|
- start
|
||||||
|
@ -206,9 +200,6 @@ spec:
|
||||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.maas_ingress_vip | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.maas_ingress_vip | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
{{ dict "envAll" $envAll "application" "ingress" "container" "maas_ingress_vip" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
{{ dict "envAll" $envAll "application" "ingress" "container" "maas_ingress_vip" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||||
capabilities:
|
|
||||||
add:
|
|
||||||
- 'NET_ADMIN'
|
|
||||||
command:
|
command:
|
||||||
- /bin/init
|
- /bin/init
|
||||||
env:
|
env:
|
||||||
|
@ -233,9 +224,6 @@ spec:
|
||||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.maas_ingress | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.maas_ingress | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
{{ dict "envAll" $envAll "application" "ingress" "container" "maas_ingress" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
{{ dict "envAll" $envAll "application" "ingress" "container" "maas_ingress" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||||
capabilities:
|
|
||||||
add:
|
|
||||||
- 'NET_BIND_SERVICE'
|
|
||||||
command:
|
command:
|
||||||
- /tmp/maas-ingress.sh
|
- /tmp/maas-ingress.sh
|
||||||
- start
|
- start
|
||||||
|
|
|
@ -356,10 +356,21 @@ pod:
|
||||||
container:
|
container:
|
||||||
maas_ingress_vip_init:
|
maas_ingress_vip_init:
|
||||||
readOnlyRootFilesystem: false
|
readOnlyRootFilesystem: false
|
||||||
|
capabilities:
|
||||||
|
add:
|
||||||
|
- 'NET_ADMIN'
|
||||||
|
- 'SYS_MODULE'
|
||||||
|
runAsUser: 0
|
||||||
maas_ingress_vip:
|
maas_ingress_vip:
|
||||||
readOnlyRootFilesystem: false
|
readOnlyRootFilesystem: false
|
||||||
|
capabilities:
|
||||||
|
add:
|
||||||
|
- 'NET_ADMIN'
|
||||||
maas_ingress:
|
maas_ingress:
|
||||||
readOnlyRootFilesystem: false
|
readOnlyRootFilesystem: false
|
||||||
|
capabilities:
|
||||||
|
add:
|
||||||
|
- 'NET_BIND_SERVICE'
|
||||||
ingress_errors:
|
ingress_errors:
|
||||||
pod:
|
pod:
|
||||||
runAsUser: 65534
|
runAsUser: 65534
|
||||||
|
|
Loading…
Reference in New Issue