openstack
/
openstack-helm
Code Issues Proposed changes

Merge "Implement Security Context for Nova"

This commit is contained in:
Zuul 2019-12-02 23:40:13 +00:00 committed by Gerrit Code Review
parent 5e422fa641 4fdbf3c07a
commit f09e805abf
2 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
nova/templates/deployment-placement.yaml
View File

@ -58,6 +58,7 @@ spec:
- name: nova-placement-api
{{ tuple $envAll "nova_placement" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.placement | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "nova" "container" "nova_placement_api" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
command:
- /tmp/nova-placement-api.sh
- start

3
nova/values.yaml
View File

@ -2203,6 +2203,9 @@ pod:
nova_novncproxy:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
nova_placement_api:
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
nova_scheduler:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false