Memcached securityContext
securityContext with readOnlyRootFilesystem is implemented at container level and leveraged the helm-toolkit snippet Change-Id: I8b16e9c17154a2bac162f31939b510fcd773126b
This commit is contained in:
parent
77b37ca520
commit
2b84120034
@ -59,6 +59,7 @@ spec:
|
||||
- name: memcached
|
||||
{{ tuple $envAll "memcached" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
{{ dict "envAll" $envAll "application" "server" "container" "memcached" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||
env:
|
||||
- name: MEMCACHED_PORT
|
||||
value: {{ tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
|
||||
|
@ -53,8 +53,7 @@ spec:
|
||||
image: {{ .Values.images.tags.prometheus_memcached_exporter }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.prometheus_memcached_exporter | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
{{ dict "envAll" $envAll "application" "memcached_exporter" "container" "memcached_exporter" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||
command:
|
||||
- /tmp/memcached-exporter.sh
|
||||
- start
|
||||
|
@ -144,13 +144,19 @@ manifests:
|
||||
service_exporter: true
|
||||
|
||||
pod:
|
||||
user:
|
||||
security_context:
|
||||
memcached_exporter:
|
||||
uid: 65534
|
||||
server:
|
||||
uid: 65534
|
||||
securityContext:
|
||||
pod:
|
||||
runAsUser: 65534
|
||||
container:
|
||||
memcached_exporter:
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
server:
|
||||
pod:
|
||||
runAsUser: 65534
|
||||
container:
|
||||
memcached:
|
||||
readOnlyRootFilesystem: true
|
||||
affinity:
|
||||
anti:
|
||||
|
Loading…
Reference in New Issue
Block a user