Skip to content

Commit

Permalink
Add security context to seldon-controller-manager deployment
Browse files Browse the repository at this point in the history
  • Loading branch information
@seldondev
mosad authored and seldondev committed Dec 3, 2020
1 parent d352fa9 commit 91d090c
Show file tree
Hide file tree
Showing 3 changed files with 9 additions and 0 deletions.
2 changes: 2 additions & 0 deletions helm-charts/seldon-core-operator/templates/deployment_seldon-controller-manager.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -162,6 +162,8 @@ spec:
name: cert
readOnly: true
{{- end }}
securityContext:
runAsUser: '{{ .Values.defaultUserID }}'
serviceAccountName: '{{ .Values.serviceAccount.name }}'
terminationGracePeriodSeconds: 10
{{- if not .Values.managerCreateResources }}
Expand Down
2 changes: 2 additions & 0 deletions operator/config/manager/manager.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,8 @@ spec:
control-plane: seldon-controller-manager
spec:
serviceAccountName: manager
securityContext:
runAsUser: 8888
containers:
- command:
- /manager
Expand Down
5 changes: 5 additions & 0 deletions operator/helm/split_resources.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -154,6 +154,11 @@ def helm_release(value: str):
res["spec"]["template"]["spec"]["serviceAccountName"] = helm_value(
"serviceAccount.name"
)

# SecurityContext
res["spec"]["template"]["spec"]["securityContext"]["runAsUser"] = helm_value(
"defaultUserID"
)

# Resource requests
res["spec"]["template"]["spec"]["containers"][0]["resources"][
Expand Down

0 comments on commit 91d090c

Please sign in to comment.