Merge "Limit Ceph OSD Container Security Contexts"

ceph-osd/Chart.yaml

@@ -15,6 +15,6 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Ceph OSD
 name: ceph-osd
-version: 0.1.26
+version: 0.1.27
 home: https://github.com/ceph/ceph
 ...

ceph-osd/values.yaml

@@ -56,9 +56,11 @@ pod:
       container:
         ceph_init_dirs:
           runAsUser: 0
+          allowPrivilegeEscalation: false
           readOnlyRootFilesystem: true
         ceph_log_ownership:
           runAsUser: 0
+          allowPrivilegeEscalation: false
           readOnlyRootFilesystem: true
         osd_init:
           runAsUser: 0
@@ -69,7 +71,8 @@ pod:
           privileged: true
           readOnlyRootFilesystem: true
         log_runner:
-          runAsUser: 0
+          runAsUser: 65534
+          allowPrivilegeEscalation: false
           readOnlyRootFilesystem: true
     bootstrap:
       pod:

releasenotes/notes/ceph-osd.yaml

@@ -27,4 +27,5 @@ ceph-osd:
   - 0.1.24 Ceph OSD Init Improvements
   - 0.1.25 Export crash dumps when Ceph daemons crash
   - 0.1.26 Mount /var/crash inside ceph-osd pods
+  - 0.1.27 Limit Ceph OSD Container Security Contexts
 ...