Ingress: Add pod/container security context

This updates the etcd chart to include the pod security context on the pod template. This also adds the container security context to set readOnlyRootFilesystem to true Change-Id: I9bf05ab5c21f9afbe269e1566cfecd20b3c086c0
2019-05-17 00:22:11 -05:00 · 2019-05-17 00:22:11 -05:00 · a0d67a1117
commit a0d67a1117
parent 2f0c2e328d
1 changed files with 10 additions and 5 deletions
--- a/ingress/values.yaml
+++ b/ingress/values.yaml
@ -44,31 +44,36 @@ pod:
  security_context:
    error_pages:
      pod:
-        runAsUser: 0
+        runAsUser: 65534
      container:
        ingress_error_pages:
+          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
    server:
      pod:
-        runAsUser: 0
+        runAsUser: 65534
      container:
        ingress_vip_kernel_modules:
          capabilities:
            add:
              - SYS_MODULE
-          readOnlyRootFilesystem: false
+          allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
        ingress_vip_init:
          capabilities:
            add:
              - NET_ADMIN
-          readOnlyRootFilesystem: false
+          allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
        ingress:
+          runAsUser: 0
          readOnlyRootFilesystem: false
        ingress_vip:
          capabilities:
            add:
              - NET_ADMIN
-          readOnlyRootFilesystem: false
+          allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
  affinity:
    anti:
      type: