DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update manifest to run as user (#2691)

Browse source
This commit is contained in:
Manuel Alejandro de Brito Fontes 2018-06-23 08:41:57 -04:00 committed by GitHub
parent 0dbc9a2973
commit 03b22e605e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 33 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
Changelog.md
View file

@ -4,6 +4,23 @@
**Image:** `quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.16.0`
*Breaking changes:*
Running as user requires an update in the deployment manifest.
```yaml
securityContext:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
# www-data -> 33
runAsUser: 33
```
Note: the deploy [guide](https://kubernetes.github.io/ingress-nginx/deploy/#mandatory-command) contains this change
*New Features:*
- Run as user dropping root privileges

8
deploy/mandatory.yaml
View file

@ -251,6 +251,14 @@ spec:
- --udp-services-configmap=$(POD_NAMESPACE)/udp-services
- --publish-service=$(POD_NAMESPACE)/ingress-nginx
- --annotations-prefix=nginx.ingress.kubernetes.io
securityContext:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
# www-data -> 33
runAsUser: 33
env:
- name: POD_NAME
valueFrom:

8
deploy/with-rbac.yaml
View file

@ -30,6 +30,14 @@ spec:
- --udp-services-configmap=$(POD_NAMESPACE)/udp-services
- --publish-service=$(POD_NAMESPACE)/ingress-nginx
- --annotations-prefix=nginx.ingress.kubernetes.io
securityContext:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
# www-data -> 33
runAsUser: 33
env:
- name: POD_NAME
valueFrom: