Update securityContext of netchecker (#9398)

To run netchecker with necessary privilege,
this updates the securityContext.
Kenichi Omichi 2022-10-18 11:11:18 +09:00 committed by GitHub
parent 5ad1d9db5e
commit c38fb866b7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -32,8 +32,14 @@ spec:
cpu: {{ netchecker_server_cpu_requests }} cpu: {{ netchecker_server_cpu_requests }}
memory: {{ netchecker_server_memory_requests }} memory: {{ netchecker_server_memory_requests }}
securityContext: securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ['ALL']
runAsUser: {{ netchecker_server_user | default('0') }} runAsUser: {{ netchecker_server_user | default('0') }}
runAsGroup: {{ netchecker_server_group | default('0') }} runAsGroup: {{ netchecker_server_group | default('0') }}
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
ports: ports:
- containerPort: 8081 - containerPort: 8081
args: args:
@ -63,8 +69,14 @@ spec:
cpu: {{ netchecker_etcd_cpu_requests }} cpu: {{ netchecker_etcd_cpu_requests }}
memory: {{ netchecker_etcd_memory_requests }} memory: {{ netchecker_etcd_memory_requests }}
securityContext: securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ['ALL']
runAsUser: {{ netchecker_server_user | default('0') }} runAsUser: {{ netchecker_server_user | default('0') }}
runAsGroup: {{ netchecker_server_group | default('0') }} runAsGroup: {{ netchecker_server_group | default('0') }}
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
tolerations: tolerations:
- effect: NoSchedule - effect: NoSchedule
operator: Exists operator: Exists
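Review bot: The added `runAsNonRoot: true` conflicts with the `default('0')` fallback on the unchanged `runAsUser` and `runAsGroup` lines, in both hunks. If `netchecker_server_user` is not defined elsewhere (the role defaults are not visible here), the template renders UID 0 next to `runAsNonRoot: true`, and the kubelet will refuse to start the container. That fails closed, but it shows up as a container-creation error rather than a clear configuration message. Consider making the fallback a non-root id, for example `runAsUser: {{ netchecker_server_user | default('1000') }}` (1000 is an illustrative value) and the same for `runAsGroup`, or dropping the fallback so a missing variable fails at template time. The second hunk appears to be the etcd container, judging by its `netchecker_etcd_*` resource variables, yet it reuses the `netchecker_server_*` ids; a short comment saying whether that sharing is intended would help.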