New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
helm: set hubble-ui securityContext #11475
helm: set hubble-ui securityContext #11475
Conversation
Please set the appropriate release note label. |
/cc @gandro - I don't know what is wrong with the label: 1st: filled release not 2nd: removed section => same result. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks a lot for the PR! As discussed on Slack, I believe the securityContext
should be opt-in (via Helm values), to allow the chart to function with the existing v0.5
hubble-ui image.
I propose we add the following to the values.yaml of hubble-ui.
securityContext:
enabled: false
runAsUser: 1001
Once we have a new release of the hubble-ui container and we bump the default image tag, we can then update the securityContext.enabled=true
by default to make it opt-out.
The image hubble-ui no longer needs run as root user Signed-off-by: Alex Szakaly <alex.szakaly@gmail.com>
test-me-please |
test-me-please |
retest-net-next |
FYI: new |
The image hubble-ui no longer needs run as root user
Special notes for your reviewer:
Do not merge it until new hubble-ui image is released, see corresponding pull request: cilium/hubble-ui#31. Tested on k8s (
v1.18
) with enforced restricted PSP.UPDATE:
Set it as optional to not to break
hubble-ui
<=0.5.0
deployments.Signed-off-by: Alex Szakaly alex.szakaly@gmail.com
Please ensure your pull request adheres to the following guidelines:
description and a
Fixes: #XXX
line if the commit addresses a particularGitHub issue.
Fixes:
N/A