Add ability to define containersecuritycontext #36

Open
jeremych1000 opened this issue Jun 9, 2023 · 1 comment
@jeremych1000

Hi,

I run a cluster that has a policy engine on it that forbids insecure pods/containers.

Currently there is a way to define a pod security context, but not a container security context.

Can we add this in please? It just needs to be a new line in the container spec.

This is what I require:

```yaml
podSecurityContext:
  runAsGroup: 2000
  runAsNonRoot: true
  runAsUser: 1000
  fsGroup: 2000
  seccompProfile:
    type: RuntimeDefault

containerSecurityContext:
  allowPrivilegeEscalation: false
  readOnlyRootFilesystem: true
  seccompProfile:
    type: RuntimeDefault
  capabilities:
    drop: ["ALL"]
```

@drustan

drustan commented Nov 14, 2023

Easy workaround:

```bash
helm template --namespace k8s-pod-restart-info-collector \
  --set slackWebhookUrl="https://hooks.slack.com/XXXXXXXXXXXXXXXXXXXXXXXXXXX" \
  --set clusterName="k8s" \
  --set slackChannel="k8s" \
  . > k8s-pod-restart-info-collector.yaml
```

And you edit your deployment.
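
The "edit your deployment" step of the workaround above can be scripted so that it is repeated on every render. The following is an added example, not part of the original thread or the project's code: it assumes each document of the rendered manifest has already been parsed into a Python dict, and `SAMPLE`, `merge`, `containers`, `harden` and `violations` are hypothetical names introduced here.

```python
import copy

# Settings requested in the issue above.
POD_SC = {"runAsGroup": 2000, "runAsNonRoot": True, "runAsUser": 1000,
          "fsGroup": 2000, "seccompProfile": {"type": "RuntimeDefault"}}
CONTAINER_SC = {"allowPrivilegeEscalation": False,
                "readOnlyRootFilesystem": True,
                "seccompProfile": {"type": "RuntimeDefault"},
                "capabilities": {"drop": ["ALL"]}}
WORKLOADS = {"Deployment", "DaemonSet", "StatefulSet"}

# Constructed sample of one rendered document (not the chart's real output).
SAMPLE = {"kind": "Deployment", "spec": {"template": {"spec": {
    "securityContext": {"runAsUser": 1000},
    "containers": [{"name": "collector", "image": "example/image:tag",
                    "securityContext": {"readOnlyRootFilesystem": False}}],
}}}}


def merge(base, override):
    """Deep-merge override into a copy of base; override wins on conflict."""
    out = copy.deepcopy(base or {})
    for key, value in override.items():
        if isinstance(value, dict) and isinstance(out.get(key), dict):
            out[key] = merge(out[key], value)
        else:
            out[key] = copy.deepcopy(value)
    return out


def containers(doc):
    """All init and regular containers in a workload's pod template."""
    pod = doc.get("spec", {}).get("template", {}).get("spec", {})
    return (pod.get("initContainers") or []) + (pod.get("containers") or [])


def harden(doc):
    """Return a copy of one manifest document with both contexts applied."""
    if doc.get("kind") not in WORKLOADS:
        return doc  # Services, ConfigMaps, RBAC objects pass through
    doc = copy.deepcopy(doc)
    pod = doc["spec"]["template"]["spec"]
    pod["securityContext"] = merge(pod.get("securityContext"), POD_SC)
    for c in containers(doc):
        c["securityContext"] = merge(c.get("securityContext"), CONTAINER_SC)
    return doc


def violations(doc):
    """Names of containers still missing a required container-level setting."""
    return [c["name"] for c in containers(doc)
            if merge(c.get("securityContext"), CONTAINER_SC) != (c.get("securityContext") or {})]
```

Running `violations` on the hardened output before applying it gives a local check for the container-level settings the policy engine would otherwise reject at admission.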
