Add allowPrivilegeEscalation=false to pods (#429)

* Add allowPrivilegeEscalation=false to pods

* Add openshift check

* Add injector openshift check
Jason O'Donnell 2020-12-14 14:14:29 -05:00 committed by GitHub
parent d80432a7d5
commit cc20c0b3c1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 0 deletions


@ -46,6 +46,10 @@ spec:
{{ template "injector.resources" . }} {{ template "injector.resources" . }}
image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}"
imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}"
{{- if not .Values.global.openshift }}
securityContext:
allowPrivilegeEscalation: false
{{- end }}
env: env:
- name: AGENT_INJECT_LISTEN - name: AGENT_INJECT_LISTEN
value: ":8080" value: ":8080"
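Review bot: The `{{- if not .Values.global.openshift }}` guard around the new `securityContext` carries no comment saying why OpenShift is excluded, and the same unexplained guard recurs in the second file's hunk after `args: {{ template "vault.args" . }}`. When `global.openshift` is set, the container is rendered with no `allowPrivilegeEscalation` setting at all, so whether escalation is blocked there presumably depends on the SCC the pod is admitted under. I would add a template comment above the guard once the real reason is confirmed, for example `{{- /* omitted on OpenShift: <reason, e.g. SCC controls this field> */}}`. The container spec starts and ends outside this hunk, so an existing `securityContext` key elsewhere in it cannot be ruled out from here.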


@ -70,6 +70,10 @@ spec:
- "/bin/sh" - "/bin/sh"
- "-ec" - "-ec"
args: {{ template "vault.args" . }} args: {{ template "vault.args" . }}
{{- if not .Values.global.openshift }}
securityContext:
allowPrivilegeEscalation: false
{{- end }}
env: env:
- name: HOST_IP - name: HOST_IP
valueFrom: valueFrom:
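Review bot: `allowPrivilegeEscalation: false` on the server container sets no_new_privs, under which file capabilities on a binary are not granted at exec, and nothing in this hunk shows whether the server image depends on one. If the image relies on a file capability such as IPC_LOCK for memory locking, the server could fail to start or run without mlock. That needs checking against the image entrypoint and the container's env settings, which continue outside this hunk. A short comment above the block recording the assumption would help, e.g. `# assumes the image does not rely on file capabilities (no_new_privs is set)`.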