Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Custom securityContext in template #392

Merged
merged 1 commit into from
Apr 24, 2020
Merged

Custom securityContext in template #392

merged 1 commit into from
Apr 24, 2020

Conversation

jsrolon
Copy link
Contributor

@jsrolon jsrolon commented Apr 21, 2020
edited

Hello, we currently use kubed in a cluster that has very strict security policies enabled. One of them requires us to specify that each k8s workload has to run as non root, not only in the docker image itself, but also in the security context of the workload. Specifically, we need to add the following key:

securityContext:
    runAsNonRoot: true

I have followed the same approach currently used for pod resources, which is converting the values dictionary directly into yaml in the template, using toYaml. This would let us modify securityContext to fit our requirement, while the default value is the same as it currently is hardcoded in the template.

Please let me know if the pull request is incomplete.

@jsrolon
securityContext can be customized in values file
9daea20 
Signed-off-by: Sebastian Rolon <sebastian.rolon@cerence.com>
@tamalsaha tamalsaha merged commit 25fb119 into config-syncer:master Apr 24, 2020
@tamalsaha
Copy link
Contributor

Thanks @jsrolon !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tamalsaha tamalsaha tamalsaha approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@jsrolon @tamalsaha