openstack/openstack-helm-infra
Code Issues Proposed changes

Ceph-mon: Fix security context for pod/container

Browse Source 
This changes the  user from root to the nobody user instead
in ceph-mon chart wherever needed

Change-Id: I5d3c1fbc8f983688807b73867773bfa2d83b91b3
This commit is contained in:
RAHUL KHIYANI 2019-05-28 13:56:56 -05:00 committed by Rahul Khiyani
parent 5245f04d4c
commit d3dec3d257
1 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
ceph-mon/values.yaml
View File

@ -48,31 +48,37 @@ pod:
security_context: security_context:
mon: mon:
pod: pod:
runAsUser: 0 runAsUser: 65534
container: container:
ceph_init_dirs: ceph_init_dirs:
runAsUser: 0
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
ceph_log_ownership: ceph_log_ownership:
runAsUser: 0
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
ceph_mon: ceph_mon:
runAsUser: 0
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
moncheck: moncheck:
pod: pod:
runAsUser: 0 runAsUser: 65534
container: container:
ceph_mon: ceph_mon:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
bootstrap: bootstrap:
pod: pod:
runAsUser: 0 runAsUser: 65534
container: container:
ceph_bootstrap: ceph_bootstrap:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
storage_keys_generator: storage_keys_generator:
pod: pod:
runAsUser: 0 runAsUser: 65534
container: container:
ceph_storage_keys_generator: ceph_storage_keys_generator:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
dns_policy: "ClusterFirstWithHostNet" dns_policy: "ClusterFirstWithHostNet"
replicas: replicas: