Update securityContext of netchecker (#9398)
To run netchecker with necessary privilege, this updates the securityContext.
This commit is contained in:
parent
5ad1d9db5e
commit
c38fb866b7
1 changed files with 12 additions and 0 deletions
|
@ -32,8 +32,14 @@ spec:
|
|||
cpu: {{ netchecker_server_cpu_requests }}
|
||||
memory: {{ netchecker_server_memory_requests }}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ['ALL']
|
||||
runAsUser: {{ netchecker_server_user | default('0') }}
|
||||
runAsGroup: {{ netchecker_server_group | default('0') }}
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
ports:
|
||||
- containerPort: 8081
|
||||
args:
|
||||
|
@ -63,8 +69,14 @@ spec:
|
|||
cpu: {{ netchecker_etcd_cpu_requests }}
|
||||
memory: {{ netchecker_etcd_memory_requests }}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ['ALL']
|
||||
runAsUser: {{ netchecker_server_user | default('0') }}
|
||||
runAsGroup: {{ netchecker_server_group | default('0') }}
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
tolerations:
|
||||
- effect: NoSchedule
|
||||
operator: Exists
|
||||
|
|
Loading…
Reference in a new issue