Add missing security context template to promenade init container
This change adds security context template at container level to implement readOnly-fs flag Change-Id: Iab814a3dd5a9bc46251939d6335af6aab21e5eb5
This commit is contained in:
parent
fffb57109d
commit
4eb069dd88
@ -52,6 +52,7 @@ spec:
|
|||||||
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.api.timeout | default "30" }}
|
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.api.timeout | default "30" }}
|
||||||
initContainers:
|
initContainers:
|
||||||
- name: promenade-util
|
- name: promenade-util
|
||||||
|
{{ dict "envAll" $envAll "application" "promenade" "container" "promenade_util" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 8 }}
|
||||||
command:
|
command:
|
||||||
{{- if $mounts_promenade_api.volumeMounts }}
|
{{- if $mounts_promenade_api.volumeMounts }}
|
||||||
- "cp"
|
- "cp"
|
||||||
|
@ -179,6 +179,9 @@ pod:
|
|||||||
pod:
|
pod:
|
||||||
runAsUser: 65534
|
runAsUser: 65534
|
||||||
container:
|
container:
|
||||||
|
promenade_util:
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
promenade_api:
|
promenade_api:
|
||||||
readOnlyRootFilesystem: true
|
readOnlyRootFilesystem: true
|
||||||
allowPrivilegeEscalation: false
|
allowPrivilegeEscalation: false
|
||||||
|
Loading…
Reference in New Issue
Block a user