Etcdctl-utility: Add pod/container security context
This updates the etcdctl-utility chart to include the pod security context on the pod template. This also adds the container security context to set readOnlyRootFilesystem flag to false Change-Id: Ifebf03f7ccdd6515eb0bc757c1e727d68ee5a4ea
This commit is contained in:
parent
19e2fa9721
commit
3ac9cae930
|
@ -73,8 +73,7 @@ spec:
|
|||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
|
||||
spec:
|
||||
securityContext:
|
||||
runAsUser: 65534
|
||||
{{ dict "envAll" $envAll "application" "etcdctl_util" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
affinity:
|
||||
{{ tuple $envAll "etcdctl" "utility" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
||||
|
@ -84,6 +83,7 @@ spec:
|
|||
- name: {{ printf "%s" $envAll.Release.Name }}
|
||||
{{ tuple $envAll "etcdctl_utility" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.etcdctl_utility | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
{{ dict "envAll" $envAll "application" "etcdctl_util" "container" "etcdctl_utility" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||
env:
|
||||
- name: ETCDCTL_API
|
||||
value: "{{ .Values.conf.etcd.etcdctl_api }}"
|
||||
|
|
|
@ -44,6 +44,14 @@ labels:
|
|||
node_selector_value: primary
|
||||
|
||||
pod:
|
||||
security_context:
|
||||
etcdctl_util:
|
||||
pod:
|
||||
runAsUser: 65534
|
||||
container:
|
||||
etcdctl_utility:
|
||||
allowPrivilegeEscalation: true
|
||||
readOnlyRootFilesystem: false
|
||||
dns_policy: "ClusterFirstWithHostNet"
|
||||
replicas:
|
||||
utility: 1
|
||||
|
|
Loading…
Reference in New Issue