ContainerSecurity Specs
Summary
Possibility to set ContainerSecurity Specs like:
containerSecurityContext:
enabled: true
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
runAsNonRoot: true
runAsUser: 1001
capabilities:
drop: ["ALL"]
seccompProfile:
type: RuntimeDefault
Current behavior
When Installing the Operator Manifest via Helm or Yaml File there is no Possibility to Set the ContainerSecurityContext, this is needed for hardened Clusters.
Expected behavior
When installing with Helm or Yaml Files we should have the possibility to set this Values inside the Values.yaml
containerSecurityContext:
enabled: true
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
runAsNonRoot: true
runAsUser: 1001
capabilities:
drop: ["ALL"]
seccompProfile:
type: RuntimeDefault
I can implement it in the Helm Chart if desired.
Versions
- Operator: (tagged version | branch | hash
git rev-parse HEAD
) - Platform:
- Self-hosted: (Kubernetes)
- Kubernetes: (
kubectl version
)- Client: v1.27.5
- Server:v1.27.5
Edited by Mitchell Nielsen