ansible/helm: add ssc to not allow root privileges
Signed-off-by: Camila Macedo <cmacedo@redhat.com>
Camila Macedo committed Mar 15, 2021
1 parent c6796de, commit 5bec9e1
Showing 7 changed files with 70 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
# entries is a list of entries to include in | ||
# release notes and/or the migration guide | ||
entries: | ||
- description: > | ||
ansible/v1, helm/v1) Added `securityContext`'s to the manager's Deployment to disallow running as root user. | ||
# kind is one of: | ||
# - addition | ||
# - change | ||
# - deprecation | ||
# - removal | ||
# - bugfix | ||
kind: "addition" | ||
# Is this a breaking change? | ||
breaking: false | ||
# NOTE: ONLY USE `pull_request_override` WHEN ADDING THIS | ||
# FILE FOR A PREVIOUSLY MERGED PULL_REQUEST! | ||
# | ||
# The generator auto-detects the PR number from the commit | ||
# message in which this file was originally added. | ||
# | ||
# What is the pull request number (without the "#")? | ||
# pull_request_override: 0 | ||
# Migration can be defined to automatically add a section to | ||
# the migration guide. This is required for breaking changes. | ||
migration: | ||
header: (ansible/v1, helm/v1) Add `securityContext`'s to your manager's Deployment. | ||
body: > | ||
In `config/manager/manager.yaml`, add the following security contexts: | ||
```yaml | ||
spec: | ||
... | ||
template: | ||
... | ||
spec: | ||
securityContext: | ||
runAsNonRoot: true | ||
containers: | ||
- name: manager | ||
securityContext: | ||
allowPrivilegeEscalation: false | ||
``` |
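Review bot: The `description` entry begins with "ansible/v1, helm/v1)" and is missing its opening parenthesis, while the migration `header` further down has "(ansible/v1, helm/v1)"; add the "(" so the generated release note reads consistently. In the migration `body`, consider also stating that with `runAsNonRoot: true` the kubelet refuses to start a container whose image runs as UID 0 (or declares a non-numeric user when no `runAsUser` is set), so anyone with a customized manager image knows to check its `USER` before applying the snippet. That caveat is worth a sentence given the entry is marked `breaking: false`.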