From 789fa7a4e5a37875bc6372c733f10d6a206e87bb Mon Sep 17 00:00:00 2001
From: RAHUL KHIYANI
Date: Tue, 28 May 2019 11:13:18 -0500
Subject: [PATCH] Ceph-client: Fix security context for pod/container

This changes the user from root to the nobody user instead in ceph-client chart wherever needed

Change-Id: I4c56b97f85093bbbaaef617f1981f67215a8bc00
---
 ceph-client/values.yaml | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/ceph-client/values.yaml b/ceph-client/values.yaml
index e5c39b65b..d61b2784a 100644
--- a/ceph-client/values.yaml
+++ b/ceph-client/values.yaml
@@ -56,43 +56,51 @@ pod:
 security_context:
 checkdns:
 pod:
- runAsUser: 0
+ runAsUser: 65534
 container:
 checkdns:
+ allowPrivilegeEscalation: false
 readOnlyRootFilesystem: true
 mds:
 pod:
- runAsUser: 0
+ runAsUser: 65534
 container:
 init_dirs:
+ runAsUser: 0
 readOnlyRootFilesystem: true
 mds:
+ runAsUser: 0
 readOnlyRootFilesystem: true
 mgr:
 pod:
- runAsUser: 0
+ runAsUser: 65534
 container:
 init_dirs:
+ runAsUser: 0
 readOnlyRootFilesystem: true
 mgr:
+ runAsUser: 0
 readOnlyRootFilesystem: true
 bootstrap:
 pod:
- runAsUser: 0
+ runAsUser: 65534
 container:
 bootstrap:
+ allowPrivilegeEscalation: false
 readOnlyRootFilesystem: true
 rbd_pool:
 pod:
- runAsUser: 0
+ runAsUser: 65534
 container:
 rbd_pool:
+ allowPrivilegeEscalation: false
 readOnlyRootFilesystem: true
 test:
 pod:
- runAsUser: 0
+ runAsUser: 65534
 container:
 test:
+ allowPrivilegeEscalation: false
 readOnlyRootFilesystem: true
 dns_policy: "ClusterFirstWithHostNet"
 replicas:
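Review bot: In the `mds` and `mgr` sections the container-level `runAsUser: 0` added for `init_dirs`, `mds` and `mgr` overrides the new pod-level `runAsUser: 65534`, so every container listed for those two pods still runs as root. Unlike `checkdns`, `bootstrap`, `rbd_pool` and `test`, these four containers also get no `allowPrivilegeEscalation: false`, which leaves the daemons that stay root with the weakest settings in the file. If root really is required there, record why next to each override with a comment such as `# root required: <reason>`, and consider adding `allowPrivilegeEscalation: false` to them as well. The nesting is read from key order because this page has lost the YAML indentation, so confirm against the file that the overrides sit under `container:` as assumed.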