Run as ceph user and disallow privilege escalation
This PS is to address security best practices concerning running containers as a non-privileged user and disallowing privilege escalation. Ceph-client is used for the mgr and mds pods.

Change-Id: Idbd87408c17907eaae9c6398fbc942f203b51515
This commit is contained in:
parent
3ded481794
commit
abf8d1bc6e
@ -15,6 +15,6 @@ apiVersion: v1
|
||||
appVersion: v1.0.0
|
||||
description: OpenStack-Helm Ceph Client
|
||||
name: ceph-client
|
||||
version: 0.1.2
|
||||
version: 0.1.3
|
||||
home: https://github.com/ceph/ceph-client
|
||||
...
|
||||
|
@ -71,8 +71,9 @@ pod:
|
||||
runAsUser: 0
|
||||
readOnlyRootFilesystem: true
|
||||
mds:
|
||||
runAsUser: 0
|
||||
runAsUser: 64045
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
mgr:
|
||||
pod:
|
||||
runAsUser: 65534
|
||||
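Review bot: The entry directly above `mds` in this hunk still reads `runAsUser: 0` with only `readOnlyRootFilesystem: true`, so one container in the same pod keeps root and gets no `allowPrivilegeEscalation: false`. If it has to stay root, add a comment saying why and set `allowPrivilegeEscalation: false` on it as well; otherwise move it to the same non-root UID. Separately, the new `runAsUser: 64045` under `mds` is a bare number: a short comment stating that it is the ceph user named in the commit title, and that the image in use defines that UID, would keep the value from drifting if the image changes.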
@ -81,8 +82,9 @@ pod:
|
||||
runAsUser: 0
|
||||
readOnlyRootFilesystem: true
|
||||
mgr:
|
||||
runAsUser: 0
|
||||
runAsUser: 64045
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
bootstrap:
|
||||
pod:
|
||||
runAsUser: 65534
|
||||
|
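Review bot: Under `mgr`, the change relies on `runAsUser: 64045` alone to keep the container non-root, and any values override that sets `runAsUser` back to 0 would be accepted silently. Adding `runAsNonRoot: true` next to `allowPrivilegeEscalation: false` makes the kubelet refuse to start the container as UID 0. The literal 64045 now appears in both the `mds` and `mgr` blocks while the surrounding `pod:` contexts use 65534, so a one-line comment on which UID applies at which level would help the next reader.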