ContainerSecurity Specs

Summary

Possibility to set ContainerSecurity Specs like:

containerSecurityContext:
    enabled: true
    readOnlyRootFilesystem: false
    allowPrivilegeEscalation: false
    runAsNonRoot: true
    runAsUser: 1001
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: RuntimeDefault

Current behavior

When installing the Operator manifest via Helm or YAML file, there is no possibility to set the ContainerSecurityContext; this is needed for hardened clusters.

Expected behavior

When installing with Helm or YAML files, we should have the possibility to set these values inside the values.yaml:

containerSecurityContext:
    enabled: true
    readOnlyRootFilesystem: false
    allowPrivilegeEscalation: false
    runAsNonRoot: true
    runAsUser: 1001
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: RuntimeDefault

I can implement it in the Helm Chart if desired.

Versions

  • Operator: (tagged version | branch | hash git rev-parse HEAD)
  • Platform:
    • Self-hosted: (Kubernetes)
  • Kubernetes: (kubectl version)
    • Client: v1.27.5
    • Server: v1.27.5
Edited by Mitchell Nielsen
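
Added example (not part of the issue and not the project's code): a check that reports which of the settings requested above are missing from each container of a rendered workload, taking pod-level defaults into account. The container names and the sample manifest are constructed; the input is assumed to be a Deployment-style object exported as JSON.

```python
import json
# Pod-level fields that containers inherit unless they override them.
INHERITABLE = ("runAsNonRoot", "runAsUser", "seccompProfile")

def effective_context(pod_spec, container):
    """Merge pod-level defaults with the container's own securityContext."""
    pod_sc = pod_spec.get("securityContext") or {}
    ctx = {k: pod_sc[k] for k in INHERITABLE if k in pod_sc}
    ctx.update(container.get("securityContext") or {})
    return ctx

def audit_container(pod_spec, container):
    """Return which of the issue's settings are missing (chart-only `enabled` is skipped)."""
    ctx = effective_context(pod_spec, container)
    findings = []
    if ctx.get("allowPrivilegeEscalation") is not False:
        findings.append("allowPrivilegeEscalation is not false")
    if ctx.get("runAsNonRoot") is not True:
        findings.append("runAsNonRoot is not true")
    if ctx.get("runAsUser") == 0:
        findings.append("runAsUser is 0")
    if "ALL" not in ((ctx.get("capabilities") or {}).get("drop") or []):
        findings.append("capabilities.drop lacks ALL")
    if (ctx.get("seccompProfile") or {}).get("type") != "RuntimeDefault":
        findings.append("seccompProfile.type is not RuntimeDefault")
    return findings

def audit_workload(manifest):
    """Audit every container and init container of a Deployment-style object."""
    pod_spec = manifest["spec"]["template"]["spec"]
    containers = (pod_spec.get("initContainers") or []) + (pod_spec.get("containers") or [])
    return {c["name"]: audit_container(pod_spec, c) for c in containers}

# Constructed sample, shaped like `kubectl get deployment -o json` output.
SAMPLE = json.loads("""
{"kind": "Deployment", "spec": {"template": {"spec": {
  "securityContext": {"runAsNonRoot": true, "runAsUser": 1001},
  "containers": [
    {"name": "manager"},
    {"name": "sidecar", "securityContext": {
      "allowPrivilegeEscalation": false,
      "capabilities": {"drop": ["ALL"]},
      "seccompProfile": {"type": "RuntimeDefault"}}}
  ]}}}}
""")

if __name__ == "__main__":
    for name, findings in audit_workload(SAMPLE).items():
        print(name, findings or "ok")
```

In the sample, the pod-level context covers runAsNonRoot and runAsUser for both containers, but allowPrivilegeEscalation and capabilities exist only at container level, so the container without its own securityContext is still reported.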