Haproxy: Add pod/container security context
This updates k8s chart to include the podsecurity context on the pod template This also adds the container security context to set readOnlyRootFilesystem to true Change-Id: Ic823232fbbb3b0967047d88de81f6a2ee83dcd3e
This commit is contained in:
parent
fefd664cd8
commit
da343eb212
|
@ -37,6 +37,7 @@ spec:
|
|||
annotations:
|
||||
scheduler.alpha.kubernetes.io/critical-pod: ''
|
||||
spec:
|
||||
{{ dict "envAll" $envAll "application" "haproxy_anchor" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
|
||||
tolerations:
|
||||
- key: node-role.kubernetes.io/master
|
||||
effect: NoSchedule
|
||||
|
@ -48,6 +49,7 @@ spec:
|
|||
- name: anchor
|
||||
image: {{ .Values.images.tags.anchor }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ dict "envAll" $envAll "application" "haproxy_anchor" "container" "anchor" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||
env:
|
||||
- name: HAPROXY_HEADER
|
||||
value: /tmp/etc/haproxy.cfg.header
|
||||
|
|
|
@ -72,6 +72,14 @@ endpoints:
|
|||
port: 6553
|
||||
|
||||
pod:
|
||||
security_context:
|
||||
haproxy_anchor:
|
||||
pod:
|
||||
runAsUser: 65534
|
||||
container:
|
||||
anchor:
|
||||
allowPrivilegeEscalation: false
|
||||
readOnlyRootFilesystem: true
|
||||
lifecycle:
|
||||
upgrades:
|
||||
daemonsets:
|
||||
|
|
Loading…
Reference in New Issue