Update securityContext of netchecker (#9398)
To run netchecker with the necessary privileges,
this commit updates its securityContext.
pull/9359/head
Kenichi Omichi
2 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with
12 additions and
0 deletions
-
roles/kubernetes-apps/ansible/templates/netchecker-server-deployment.yml.j2
|
|
@ -32,8 +32,14 @@ spec: |
|
|
|
cpu: {{ netchecker_server_cpu_requests }} |
|
|
|
memory: {{ netchecker_server_memory_requests }} |
|
|
|
securityContext: |
|
|
|
allowPrivilegeEscalation: false |
|
|
|
capabilities: |
|
|
|
drop: ['ALL'] |
|
|
|
runAsUser: {{ netchecker_server_user | default('0') }} |
|
|
|
runAsGroup: {{ netchecker_server_group | default('0') }} |
|
|
|
runAsNonRoot: true |
|
|
|
seccompProfile: |
|
|
|
type: RuntimeDefault |
|
|
|
ports: |
|
|
|
- containerPort: 8081 |
|
|
|
args: |
|
|
@ -63,8 +69,14 @@ spec: |
|
|
|
cpu: {{ netchecker_etcd_cpu_requests }} |
|
|
|
memory: {{ netchecker_etcd_memory_requests }} |
|
|
|
securityContext: |
|
|
|
allowPrivilegeEscalation: false |
|
|
|
capabilities: |
|
|
|
drop: ['ALL'] |
|
|
|
runAsUser: {{ netchecker_server_user | default('0') }} |
|
|
|
runAsGroup: {{ netchecker_server_group | default('0') }} |
|
|
|
runAsNonRoot: true |
|
|
|
seccompProfile: |
|
|
|
type: RuntimeDefault |
|
|
|
tolerations: |
|
|
|
- effect: NoSchedule |
|
|
|
operator: Exists |
|
|
|
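Review bot: `runAsNonRoot: true` contradicts the `default('0')` fallback on `runAsUser` in both securityContext blocks (server and etcd containers): if `netchecker_server_user` is ever undefined the template renders UID 0, and the kubelet refuses to start a container whose effective UID is 0 when runAsNonRoot is set. The role defaults are not visible on this page, so this may never trigger in practice, but the fallback should not be a value the same block forbids; dropping it, `runAsUser: {{ netchecker_server_user }}`, makes an unset variable fail at template time instead of at pod start. The etcd container's block also reads the `netchecker_server_*` variables rather than etcd-specific ones, which looks intentional but deserves a one-line comment such as `# etcd sidecar shares the netchecker server UID/GID`. The rendered page shows neither indentation nor +/- markers, so which of these lines are new is inferred from the 12-addition count.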