Update securityContext of netchecker (#9398)

To run netchecker with necessary privilege,
this updates the securityContext.
This commit is contained in:
Kenichi Omichi 2022-10-18 11:11:18 +09:00 committed by GitHub
parent 5ad1d9db5e
commit c38fb866b7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -32,8 +32,14 @@ spec:
cpu: {{ netchecker_server_cpu_requests }}
memory: {{ netchecker_server_memory_requests }}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ['ALL']
runAsUser: {{ netchecker_server_user | default('0') }}
runAsGroup: {{ netchecker_server_group | default('0') }}
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
ports:
- containerPort: 8081
args:
@ -63,8 +69,14 @@ spec:
cpu: {{ netchecker_etcd_cpu_requests }}
memory: {{ netchecker_etcd_memory_requests }}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ['ALL']
runAsUser: {{ netchecker_server_user | default('0') }}
runAsGroup: {{ netchecker_server_group | default('0') }}
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
tolerations:
- effect: NoSchedule
operator: Exists