Implement Security Context for Horizon
Implement container security context for the following Horizon resources: - Horizon server deployment Change-Id: I8202cd011f4c4f73d778c5f0ad2648440e259e5d
This commit is contained in:
parent
1d0e21e370
commit
b5063695b0
@ -46,8 +46,6 @@ spec:
|
||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
spec:
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
{{ dict "envAll" $envAll "application" "horizon" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
|
||||
affinity:
|
||||
@ -61,6 +59,7 @@ spec:
|
||||
- name: horizon
|
||||
{{ tuple $envAll "horizon" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
{{ dict "envAll" $envAll "application" "horizon" "container" "horizon" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
command:
|
||||
|
@ -1978,9 +1978,14 @@ dependencies:
|
||||
service: local_image_registry
|
||||
|
||||
pod:
|
||||
user:
|
||||
security_context:
|
||||
horizon:
|
||||
uid: 42424
|
||||
pod:
|
||||
runAsUser: 42424
|
||||
container:
|
||||
horizon:
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
affinity:
|
||||
anti:
|
||||
type:
|
||||
|
Loading…
x
Reference in New Issue
Block a user