Merge pull request #6356 from AlexisMtr/pod-security-context
Add securitycontext settings on defaultbackend
commit
fb6b572378
2 changed files with 9 additions and 0 deletions
|
@ -52,7 +52,13 @@ spec:
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
securityContext:
|
securityContext:
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
runAsUser: {{ .Values.defaultBackend.image.runAsUser }}
|
runAsUser: {{ .Values.defaultBackend.image.runAsUser }}
|
||||||
|
runAsNonRoot: {{ .Values.defaultBackend.image.runAsNonRoot }}
|
||||||
|
allowPrivilegeEscalation: {{ .Values.defaultBackend.image.allowPrivilegeEscalation }}
|
||||||
|
readOnlyRootFilesystem: {{ .Values.defaultBackend.image.readOnlyRootFilesystem}}
|
||||||
{{- if .Values.defaultBackend.extraEnvs }}
|
{{- if .Values.defaultBackend.extraEnvs }}
|
||||||
env: {{ toYaml .Values.defaultBackend.extraEnvs | nindent 12 }}
|
env: {{ toYaml .Values.defaultBackend.extraEnvs | nindent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
|
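Review bot: The hardened container securityContext stops short of a seccomp profile, so with `capabilities.drop: ALL`, `runAsNonRoot` and `allowPrivilegeEscalation: false` in place the container still runs under whatever seccomp default the node applies, which may be unconfined. Consider adding `seccompProfile:` with `type: RuntimeDefault` under the same securityContext, gated on a value if clusters without that field must stay supported. The capability drop is hard-coded while the other three settings are read from values; if that is deliberate, a short template comment saying so would save the next reader a question. Minor style: `.Values.defaultBackend.image.readOnlyRootFilesystem}}` is missing the space before `}}` that the neighbouring lines use. The container spec this securityContext belongs to starts and ends outside the hunk.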
@ -555,6 +555,9 @@ defaultBackend:
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
# nobody user -> uid 65534
|
# nobody user -> uid 65534
|
||||||
runAsUser: 65534
|
runAsUser: 65534
|
||||||
|
runAsNonRoot: true
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
|
||||||
extraArgs: {}
|
extraArgs: {}
|
||||||
|
|
||||||
|
|
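Review bot: The three new defaults under `defaultBackend.image` ship without comments, and `readOnlyRootFilesystem: true` is the one most likely to surprise on upgrade, since a custom default-backend image that writes to its root filesystem would start failing once this default applies. A comment such as `# set to false, or mount a writable volume, if the backend image writes to its root filesystem` above that key would help, and one line each for `runAsNonRoot` and `allowPrivilegeEscalation` would match the existing `# nobody user -> uid 65534` style. These are container securityContext settings rather than image properties, so the `image:` placement is presumably only to sit beside the existing `runAsUser`; worth saying so in a comment. The `defaultBackend` block starts and ends outside the hunk.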