Tiller-deploy: Add pod/container security context
This updates the tiller chart to include the pod security context on the pod template. It also adds the container security context, which sets the readOnlyRootFilesystem flag to true. Change-Id: I08694e58d057c04f7ba30ded5dca1207ceaac5e2
parent
50384e47c7
commit
da0f6e61ba
@ -75,6 +75,7 @@ spec:
|
||||
annotations:
|
||||
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
|
||||
spec:
|
||||
{{ dict "envAll" $envAll "application" "tiller" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
@ -82,6 +83,7 @@ spec:
|
||||
- name: tiller
|
||||
{{ tuple $envAll "tiller" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.tiller | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
{{ dict "envAll" $envAll "application" "tiller" "container" "tiller" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||
env:
|
||||
- name: TILLER_NAMESPACE
|
||||
value: {{ .Values.Name }}
|
||||
|
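Review bot: The container security context included after the resources snippet in the `tiller` container has no matching writable volume in the visible hunks, while the defaults added in this commit set `readOnlyRootFilesystem: true`. If Tiller or anything it runs writes to the container filesystem (a temp directory, for instance), that write will fail at runtime rather than at deploy time. This is worth confirming against a running pod and, if needed, covering with an `emptyDir` mounted at the path in question. The pod spec continues outside both hunks, so a suitable volume may already be defined there.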
@ -51,6 +51,14 @@ conf:
|
||||
prestop_sleep: 30
|
||||
|
||||
pod:
|
||||
security_context:
|
||||
tiller:
|
||||
pod:
|
||||
runAsUser: 65534
|
||||
container:
|
||||
tiller:
|
||||
allowPrivilegeEscalation: false
|
||||
readOnlyRootFilesystem: true
|
||||
probes:
|
||||
tiller:
|
||||
tiller:
|
||||
|
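Review bot: The pod-level defaults under `security_context.tiller.pod` set only `runAsUser: 65534`, so nothing stops the container from starting as root if an override file later changes or drops that UID; adding `runAsNonRoot: true` beside it would make the kubelet enforce the intent. The `container.tiller` block also keeps the runtime's default capability set; `capabilities: {drop: [ALL]}` is the usual companion to `allowPrivilegeEscalation: false`, assuming the helm-toolkit snippet passes extra keys through and Tiller needs no capability. A short comment such as `# 65534 is the conventional "nobody" UID` above `runAsUser` would help readers of the values file.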