openstack/openstack-helm-infra
Code Issues Proposed changes

Ceph-client: Fix security context for pod/container

Browse Source 
This changes the  user from root to the nobody user instead
in ceph-client chart wherever needed

Change-Id: I4c56b97f85093bbbaaef617f1981f67215a8bc00
This commit is contained in:
RAHUL KHIYANI 2019-05-28 11:13:18 -05:00 committed by Rahul Khiyani
parent 630efb7fb0
commit 789fa7a4e5
1 changed files with 14 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
ceph-client/values.yaml
View File

@ -56,43 +56,51 @@ pod:
security_context: security_context:
checkdns: checkdns:
pod: pod:
runAsUser: 0 runAsUser: 65534
container: container:
checkdns: checkdns:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
mds: mds:
pod: pod:
runAsUser: 0 runAsUser: 65534
container: container:
init_dirs: init_dirs:
runAsUser: 0
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
mds: mds:
runAsUser: 0
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
mgr: mgr:
pod: pod:
runAsUser: 0 runAsUser: 65534
container: container:
init_dirs: init_dirs:
runAsUser: 0
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
mgr: mgr:
runAsUser: 0
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
bootstrap: bootstrap:
pod: pod:
runAsUser: 0 runAsUser: 65534
container: container:
bootstrap: bootstrap:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
rbd_pool: rbd_pool:
pod: pod:
runAsUser: 0 runAsUser: 65534
container: container:
rbd_pool: rbd_pool:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
test: test:
pod: pod:
runAsUser: 0 runAsUser: 65534
container: container:
test: test:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
dns_policy: "ClusterFirstWithHostNet" dns_policy: "ClusterFirstWithHostNet"
replicas: replicas: