Implement Security Context for Nova
Implement container security context for the following Nova resources: - Nova server deployment Change-Id: Ide4f413d4b27bfbffd4e941ff4f87aefe5a319a8
This commit is contained in:
parent
efe3d3cf19
commit
4fdbf3c07a
|
@ -58,6 +58,7 @@ spec:
|
||||||
- name: nova-placement-api
|
- name: nova-placement-api
|
||||||
{{ tuple $envAll "nova_placement" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "nova_placement" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.placement | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.placement | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
|
{{ dict "envAll" $envAll "application" "nova" "container" "nova_placement_api" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||||
command:
|
command:
|
||||||
- /tmp/nova-placement-api.sh
|
- /tmp/nova-placement-api.sh
|
||||||
- start
|
- start
|
||||||
|
|
|
@ -2203,6 +2203,9 @@ pod:
|
||||||
nova_novncproxy:
|
nova_novncproxy:
|
||||||
readOnlyRootFilesystem: true
|
readOnlyRootFilesystem: true
|
||||||
allowPrivilegeEscalation: false
|
allowPrivilegeEscalation: false
|
||||||
|
nova_placement_api:
|
||||||
|
readOnlyRootFilesystem: false
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
nova_scheduler:
|
nova_scheduler:
|
||||||
readOnlyRootFilesystem: true
|
readOnlyRootFilesystem: true
|
||||||
allowPrivilegeEscalation: false
|
allowPrivilegeEscalation: false
|
||||||
|
|
Loading…
Reference in New Issue