[stable/weave-scope] Weave security context

[blame19]

Is this a new chart

No

What this PR does / why we need it:

This PR brings securityContext option to all weave-scope containers, namely:

          securityContext:
            runAsNonRoot: true
            readOnlyRootFilesystem: true

Those options, set to true, are considered a security best practice.

Which issue this PR fixes

*`fixes #23008 *

Special notes for your reviewer:

Checklist

[Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.]

• DCO signed
• Chart Version bumped
• Variables are documented in the README.md
• Title of the PR starts with chart name (e.g. [stable/mychartname])

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: blame19
To complete the pull request process, please assign dholbach
You can assign the PR to them by writing /assign @dholbach in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• stable/weave-scope/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[k8s-ci-robot]

Hi @blame19. Thanks for your PR.

I'm waiting for a helm member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[blame19]

/assign @dholbach

[dholbach]

With this repository being phased out in Aug 18(?), it might make sense to start looking at weaveworks/scope#3807

[blame19]

With this repository being phased out in Aug 18(?), it might make sense to start looking at weaveworks/scope#3807

Should I move the PR to the other repo, then?

[dholbach]

With this repository being phased out in Aug 18(?), it might make sense to start looking at weaveworks/scope#3807

Should I move the PR to the other repo, then?

The move is not decided yet, we're going to discuss weaveworks/scope#3807 in next week's Scope meeting, if you want to show up there, or just subscribe to the issue in scope.

[mattfarina]

@blame19 Helm uses a Developer Certificate of Origin (DCO) to show that you have permission to contribute the content. This requires a signoff on commits. The chechs tab at the top has instructions on fixing the issue. Could you please signoff on the commits.

[mattfarina]

@blame19 I see that you fixed the issue I noted. But, until you signoff with the DCO we will be unable to merge your contribution.

[blame19]

@blame19 I see that you fixed the issue I noted. But, until you signoff with the DCO we will be unable to merge your contribution.

Hey @mattfarina. I signed the commit, let me know if it's ok now.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions.

[stale]

This issue is being automatically closed due to inactivity.