-
Notifications
You must be signed in to change notification settings - Fork 1.7k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
ansible/helm: add ssc to not allow root previleges
Signed-off-by: Camila Macedo <cmacedo@redhat.com>
- Loading branch information
Camila Macedo
committed
Mar 15, 2021
1 parent
c6796de
commit 59bf269
Showing
7 changed files
with
84 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
# entries is a list of entries to include in | ||
# release notes and/or the migration guide | ||
entries: | ||
- description: > | ||
(ansible/v1)(helm/v1) Add SecurityContext to now allow root privileges. | ||
# kind is one of: | ||
# - addition | ||
# - change | ||
# - deprecation | ||
# - removal | ||
# - bugfix | ||
kind: "addition" | ||
# Is this a breaking change? | ||
breaking: false | ||
# NOTE: ONLY USE `pull_request_override` WHEN ADDING THIS | ||
# FILE FOR A PREVIOUSLY MERGED PULL_REQUEST! | ||
# | ||
# The generator auto-detects the PR number from the commit | ||
# message in which this file was originally added. | ||
# | ||
# What is the pull request number (without the "#")? | ||
# pull_request_override: 0 | ||
# Migration can be defined to automatically add a section to | ||
# the migration guide. This is required for breaking changes. | ||
migration: | ||
header: (ansible/v1)(helm/v1) **(Optional)** Add SecurityContext to now allow root privileges. | ||
body: > | ||
In the `config/manager` add the following security context: | ||
```yaml | ||
spec: | ||
securityContext: | ||
runAsNonRoot: true | ||
... | ||
containers: | ||
- command: | ||
... | ||
securityContext: | ||
allowPrivilegeEscalation: false | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters