Ceph-mon: Fix security context for pod/container

This changes the  user from root to the nobody user instead
in ceph-mon chart wherever needed

Change-Id: I5d3c1fbc8f983688807b73867773bfa2d83b91b3
This commit is contained in:
RAHUL KHIYANI 2019-05-28 13:56:56 -05:00 committed by Rahul Khiyani
parent 5245f04d4c
commit d3dec3d257
1 changed files with 10 additions and 4 deletions

View File

@ -48,31 +48,37 @@ pod:
security_context:
mon:
pod:
runAsUser: 0
runAsUser: 65534
container:
ceph_init_dirs:
runAsUser: 0
readOnlyRootFilesystem: true
ceph_log_ownership:
runAsUser: 0
readOnlyRootFilesystem: true
ceph_mon:
runAsUser: 0
readOnlyRootFilesystem: true
moncheck:
pod:
runAsUser: 0
runAsUser: 65534
container:
ceph_mon:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
bootstrap:
pod:
runAsUser: 0
runAsUser: 65534
container:
ceph_bootstrap:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
storage_keys_generator:
pod:
runAsUser: 0
runAsUser: 65534
container:
ceph_storage_keys_generator:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
dns_policy: "ClusterFirstWithHostNet"
replicas: