Merge "Add missing security context to Neutron pods/containers"

2020-07-13 18:46:33 +00:00 · 2020-07-13 18:46:33 +00:00 · 009bde9d31
commit 009bde9d31
parent 861da9e355 f742ebd6ae
2 changed files with 5 additions and 2 deletions
--- a/neutron/templates/daemonset-l2gw-agent.yaml
+++ b/neutron/templates/daemonset-l2gw-agent.yaml
@ -95,8 +95,7 @@ spec:
        - name: neutron-l2gw-agent
 {{ tuple $envAll "neutron_l2gw" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.agent.l2gw | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-          securityContext:
-            privileged: true
+{{ dict "envAll" $envAll "application" "neutron_l2gw_agent" "container" "neutron_l2gw_agent" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          env:
            - name: RPC_PROBE_TIMEOUT
              value: "{{ .Values.pod.probes.rpc_timeout }}"
--- a/neutron/values.yaml
+++ b/neutron/values.yaml
@ -452,6 +452,10 @@ pod:
    neutron_l2gw_agent:
      pod:
        runAsUser: 42424
+      container:
+        neutron_l2gw_agent:
+          readOnlyRootFilesystem: true
+          privileged: true
    neutron_bagpipe_bgp:
      pod:
        runAsUser: 42424