Add missing security context to elasticsearch pods/containers

This updates the elasticsearch chart to include the pod security context on the pod template. This also adds the container security context to set readOnlyRootFilesystem flag to true Change-Id: I8d1057f242b741fd297eca7475eb3bfb5e383f1c
2020-07-06 20:04:33 -05:00
parent 2b4cf6a2d9
commit eec5635f43
4 changed files with 24 additions and 2 deletions
--- a/elasticsearch/values.yaml
+++ b/elasticsearch/values.yaml
@@ -243,6 +243,24 @@ pod:
              - IPC_LOCK
              - SYS_RESOURCE
          readOnlyRootFilesystem: false
+    curator:
+      pod:
+        runAsUser: 0
+      container:
+        curator:
+          readOnlyRootFilesystem: true
+    verify_repositories:
+      pod:
+        runAsUser: 0
+      container:
+        elasticsearch_verify_repositories:
+          readOnlyRootFilesystem: true
+    create_template:
+      pod:
+        runAsUser: 0
+      container:
+        create_elasticsearch_template:
+          readOnlyRootFilesystem: true
  affinity:
    anti:
      type: