From d3dec3d2572c9a339432baa2bdc75c1c9d431582 Mon Sep 17 00:00:00 2001
From: RAHUL KHIYANI
Date: Tue, 28 May 2019 13:56:56 -0500
Subject: [PATCH] Ceph-mon: Fix security context for pod/container

This changes the user from root to the nobody user instead in ceph-mon chart wherever needed

Change-Id: I5d3c1fbc8f983688807b73867773bfa2d83b91b3
---
 ceph-mon/values.yaml | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/ceph-mon/values.yaml b/ceph-mon/values.yaml
index 4fc04ce30..42dbff30b 100644
--- a/ceph-mon/values.yaml
+++ b/ceph-mon/values.yaml
@@ -48,31 +48,37 @@ pod:
 security_context:
 mon:
 pod:
- runAsUser: 0
+ runAsUser: 65534
 container:
 ceph_init_dirs:
+ runAsUser: 0
 readOnlyRootFilesystem: true
 ceph_log_ownership:
+ runAsUser: 0
 readOnlyRootFilesystem: true
 ceph_mon:
+ runAsUser: 0
 readOnlyRootFilesystem: true
 moncheck:
 pod:
- runAsUser: 0
+ runAsUser: 65534
 container:
 ceph_mon:
+ allowPrivilegeEscalation: false
 readOnlyRootFilesystem: true
 bootstrap:
 pod:
- runAsUser: 0
+ runAsUser: 65534
 container:
 ceph_bootstrap:
+ allowPrivilegeEscalation: false
 readOnlyRootFilesystem: true
 storage_keys_generator:
 pod:
- runAsUser: 0
+ runAsUser: 65534
 container:
 ceph_storage_keys_generator:
+ allowPrivilegeEscalation: false
 readOnlyRootFilesystem: true
 dns_policy: "ClusterFirstWithHostNet"
 replicas:
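Review bot: In the `mon` section, `ceph_init_dirs`, `ceph_log_ownership` and `ceph_mon` each gain a container-level `runAsUser: 0`, which takes precedence over the new pod-level `runAsUser: 65534`, so every container listed for the mon pod still runs as root. These three are also the only containers in the hunk that do not get `allowPrivilegeEscalation: false`. If root is really needed there (presumably for directory and log ownership changes; the templates that consume these values are not visible here), each override should carry a comment such as `# runs as root: <reason>`. Unless one of these containers must be privileged, `allowPrivilegeEscalation: false` should be added to them as well. For `moncheck`, `bootstrap` and `storage_keys_generator`, a pod-level `runAsNonRoot: true` would have the kubelet refuse to start a container that would run as UID 0, provided the chart's security-context template passes that field through.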