forked from istio/istio
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Specify istio-init user explicitly (istio#5453)
Istio-init is supposed to be run as a superuser so it can configure iptables and this is the current default. However many popular Helm charts typically define a single container pod and specify `securityContext.runAsUser` on a pod level (rather than the container level) and that is what istio-init inherits. As the result many Helm charts aren't working with Istio auto-injection out of the box. A simple fix would be explicitly setting `securityContext.runAsUser` for istio-init on the container-level so it takes precedence.
- Loading branch information
Phil Rud
committed
Mar 26, 2019
1 parent
350f771
commit 2fcce93
Showing
21 changed files
with
23 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -53,6 +53,7 @@ data: | |
cpu: 100m | ||
memory: 50Mi | ||
securityContext: | ||
runAsUser: 0 | ||
capabilities: | ||
add: | ||
- NET_ADMIN | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -133,6 +133,7 @@ spec: | |
cpu: 10m | ||
memory: 10Mi | ||
securityContext: | ||
runAsUser: 0 | ||
capabilities: | ||
add: | ||
- NET_ADMIN | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -136,6 +136,7 @@ spec: | |
cpu: 10m | ||
memory: 10Mi | ||
securityContext: | ||
runAsUser: 0 | ||
capabilities: | ||
add: | ||
- NET_ADMIN | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -136,6 +136,7 @@ spec: | |
cpu: 10m | ||
memory: 10Mi | ||
securityContext: | ||
runAsUser: 0 | ||
capabilities: | ||
add: | ||
- NET_ADMIN | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -138,6 +138,7 @@ spec: | |
cpu: 10m | ||
memory: 10Mi | ||
securityContext: | ||
runAsUser: 0 | ||
capabilities: | ||
add: | ||
- NET_ADMIN | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -134,6 +134,7 @@ spec: | |
cpu: 10m | ||
memory: 10Mi | ||
securityContext: | ||
runAsUser: 0 | ||
capabilities: | ||
add: | ||
- NET_ADMIN | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -154,6 +154,7 @@ spec: | |
cpu: 10m | ||
memory: 10Mi | ||
securityContext: | ||
runAsUser: 0 | ||
capabilities: | ||
add: | ||
- NET_ADMIN | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -132,6 +132,7 @@ spec: | |
cpu: 10m | ||
memory: 10Mi | ||
securityContext: | ||
runAsUser: 0 | ||
capabilities: | ||
add: | ||
- NET_ADMIN | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -138,6 +138,7 @@ spec: | |
cpu: 10m | ||
memory: 10Mi | ||
securityContext: | ||
runAsUser: 0 | ||
capabilities: | ||
add: | ||
- NET_ADMIN | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -144,6 +144,7 @@ spec: | |
cpu: 10m | ||
memory: 10Mi | ||
securityContext: | ||
runAsUser: 0 | ||
capabilities: | ||
add: | ||
- NET_ADMIN | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -132,6 +132,7 @@ spec: | |
cpu: 10m | ||
memory: 10Mi | ||
securityContext: | ||
runAsUser: 0 | ||
capabilities: | ||
add: | ||
- NET_ADMIN | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -133,6 +133,7 @@ spec: | |
cpu: 10m | ||
memory: 10Mi | ||
securityContext: | ||
runAsUser: 0 | ||
capabilities: | ||
add: | ||
- NET_ADMIN | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -131,6 +131,7 @@ spec: | |
cpu: 10m | ||
memory: 10Mi | ||
securityContext: | ||
runAsUser: 0 | ||
capabilities: | ||
add: | ||
- NET_ADMIN | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -137,6 +137,7 @@ spec: | |
cpu: 10m | ||
memory: 10Mi | ||
securityContext: | ||
runAsUser: 0 | ||
capabilities: | ||
add: | ||
- NET_ADMIN | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -137,6 +137,7 @@ spec: | |
cpu: 10m | ||
memory: 10Mi | ||
securityContext: | ||
runAsUser: 0 | ||
capabilities: | ||
add: | ||
- NET_ADMIN | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -136,6 +136,7 @@ spec: | |
cpu: 10m | ||
memory: 10Mi | ||
securityContext: | ||
runAsUser: 0 | ||
capabilities: | ||
add: | ||
- NET_ADMIN | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -136,6 +136,7 @@ spec: | |
cpu: 10m | ||
memory: 10Mi | ||
securityContext: | ||
runAsUser: 0 | ||
capabilities: | ||
add: | ||
- NET_ADMIN | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -136,6 +136,7 @@ spec: | |
cpu: 10m | ||
memory: 10Mi | ||
securityContext: | ||
runAsUser: 0 | ||
capabilities: | ||
add: | ||
- NET_ADMIN | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -141,6 +141,7 @@ spec: | |
cpu: 10m | ||
memory: 10Mi | ||
securityContext: | ||
runAsUser: 0 | ||
capabilities: | ||
add: | ||
- NET_ADMIN | ||
|