apiserver-webhook: Add container security context
This also adds the container security context to set readOnlyRootFilesystem flag to true Change-Id: If61b6f9189a36f069efa80ef1a31b35328a92f1a
This commit is contained in:
parent
146a9a5b8e
commit
1deee87b93
|
@ -130,6 +130,7 @@ spec:
|
||||||
- name: apiserver
|
- name: apiserver
|
||||||
image: {{ .Values.images.tags.apiserver }}
|
image: {{ .Values.images.tags.apiserver }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.kubernetes_apiserver | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.kubernetes_apiserver | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
|
||||||
|
{{ dict "envAll" $envAll "application" "apiserver_webhook" "container" "apiserver" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||||
env:
|
env:
|
||||||
- name: POD_IP
|
- name: POD_IP
|
||||||
valueFrom:
|
valueFrom:
|
||||||
|
|
|
@ -202,6 +202,14 @@ network_policy:
|
||||||
- {}
|
- {}
|
||||||
|
|
||||||
pod:
|
pod:
|
||||||
|
security_context:
|
||||||
|
apiserver_webhook:
|
||||||
|
pod:
|
||||||
|
runAsUser: 65534
|
||||||
|
container:
|
||||||
|
apiserver:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
mounts:
|
mounts:
|
||||||
kubernetes_apiserver:
|
kubernetes_apiserver:
|
||||||
init_container: null
|
init_container: null
|
||||||
|
@ -272,10 +280,6 @@ pod:
|
||||||
kubernetes_keystone_webhook_tests:
|
kubernetes_keystone_webhook_tests:
|
||||||
init_container: null
|
init_container: null
|
||||||
kubernetes_keystone_webhook_tests: null
|
kubernetes_keystone_webhook_tests: null
|
||||||
security_context:
|
|
||||||
apiserver_webhook:
|
|
||||||
pod:
|
|
||||||
runAsUser: 65534
|
|
||||||
conf:
|
conf:
|
||||||
paths:
|
paths:
|
||||||
base: '/etc/webhook_apiserver/'
|
base: '/etc/webhook_apiserver/'
|
||||||
|
|
Loading…
Reference in New Issue