openstack/openstack-helm
Code Issues Proposed changes

Implement missing security context for nginx container

Browse Source 
This change adds security context template at pod/container level

Change-Id: I2fbff7b3325f4b6dd98d9299b0daf9e230ece9ae
This commit is contained in:
PrateekDodda 2020-09-01 10:04:47 -05:00 committed by Prateek Dodda
parent 56772fdbaa
commit 16b2c8dcc4
2 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
glance/templates/deployment-api.yaml
View File

@ -96,6 +96,7 @@ spec:
- name: nginx
{{ tuple $envAll "nginx" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.nginx | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "glance" "container" "nginx" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
ports:
- name: g-api
containerPort: {{ tuple "image" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}

3
glance/values.yaml
View File

@ -845,6 +845,9 @@ pod:
glance_api:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
nginx:
readOnlyRootFilesystem: false
runAsUser: 0
glance_registry:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false