ansible/helm: add ssc to not allow root privileges #4655
# release notes and/or the migration guide | ||
entries: | ||
- description: > | ||
(ansible/v1)(helm/v1) Add SecurityContext to now allow root privileges. |
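Review bot: In the `description` entry, "to now allow root privileges" reads as the opposite of the PR title ("to not allow root privileges"); "now" looks like a typo for "not". Release notes are read without the diff next to them, so state the effect directly, for example "to not allow root privileges".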
(ansible/v1)(helm/v1) Add SecurityContext to now allow root privileges. | |
(ansible/v1, helm/v1) Added `securityContext`'s to the manager's Deployment to disallow running as root user. |
# Migration can be defined to automatically add a section to | ||
# the migration guide. This is required for breaking changes. | ||
migration: | ||
header: (ansible/v1)(helm/v1) **(Optional)** Add SecurityContext to now allow root privileges. |
All `v1.y` migrations are optional.
header: (ansible/v1)(helm/v1) **(Optional)** Add SecurityContext to now allow root privileges. | |
header: (ansible/v1, helm/v1) Add `securityContext`'s to your manager's Deployment. |
migration: | ||
header: (ansible/v1)(helm/v1) **(Optional)** Add SecurityContext to now allow root privileges. | ||
body: > | ||
In the `config/manager` add the following security context: |
In the `config/manager` add the following security context: | |
In `config/manager/manager.yaml`, add the following security contexts: |
body: > | ||
In the `config/manager` add the following security context: | ||
```yaml | ||
spec: |
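Review bot: The YAML sample opens at a bare `spec:`, which does not show whether it is the Deployment's `spec` or the pod template's `spec`. Kubernetes accepts `securityContext` at both the pod and the container level with different fields, so write out the path from the Deployment root to make clear where each block belongs.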
Can you indent these from the root field, ex:

```yaml
spec:
  ...
  template:
    ...
    spec:
      securityContext:
        runAsNonRoot: true
      containers:
      - name: manager
        securityContext:
          allowPrivilegeEscalation: false
```
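A manifest check for the two settings requested in the comment above, as an added example that is not part of the PR or of operator-sdk. The function names and the sample Deployments are constructed for illustration, and the input is assumed to be a Deployment already parsed into a dict.

```python
# Added example: audit a Deployment dict for the two settings from this review.
# audit() and make_deployment() are hypothetical helpers, not operator-sdk code.

def audit(deployment):
    """Return one finding per container that could still run as root or escalate."""
    pod = deployment["spec"]["template"]["spec"]
    pod_sc = pod.get("securityContext") or {}
    findings = []
    for c in pod.get("initContainers", []) + pod.get("containers", []):
        sc = c.get("securityContext") or {}
        # A container-level runAsNonRoot takes precedence over the pod-level value.
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False))
        if non_root is not True:
            findings.append(f"{c['name']}: runAsNonRoot is not true")
        # allowPrivilegeEscalation is a container-level field only; leaving it
        # unset does not disable escalation, so only an explicit false passes.
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append(f"{c['name']}: allowPrivilegeEscalation is not false")
    return findings


def make_deployment(pod_sc, containers):
    """Build a minimal Deployment dict with the nesting used in manager.yaml."""
    return {"kind": "Deployment",
            "spec": {"template": {"spec": {"securityContext": pod_sc,
                                           "containers": containers}}}}


# Constructed sample: the layout shown in the review comment.
HARDENED = make_deployment(
    {"runAsNonRoot": True},
    [{"name": "manager", "securityContext": {"allowPrivilegeEscalation": False}}])

# Constructed sample: allowPrivilegeEscalation placed at pod level, where it is
# not a valid field, and nothing set on the container itself.
MISPLACED = make_deployment(
    {"runAsNonRoot": True, "allowPrivilegeEscalation": False},
    [{"name": "manager"}])

# Constructed sample: a second container overrides the pod-level setting.
OVERRIDDEN = make_deployment(
    {"runAsNonRoot": True},
    [{"name": "manager", "securityContext": {"allowPrivilegeEscalation": False}},
     {"name": "sidecar", "securityContext": {"runAsNonRoot": False}}])

if __name__ == "__main__":
    for label, d in [("hardened", HARDENED), ("misplaced", MISPLACED),
                     ("overridden", OVERRIDDEN)]:
        print(label, audit(d) or "ok")
```

The misplaced and overridden cases are the indentation mistakes that a sample without its parent fields invites.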
Signed-off-by: Camila Macedo <cmacedo@redhat.com>
/lgtm
This is related to upgrade operator-sdk to v1.6.0: https://sdk.operatorframework.io/docs/upgrading-sdk-version/v1.6.0/ operator-framework/operator-sdk#4655 Signed-off-by: Wayne Sun <gsun@redhat.com>
Signed-off-by: Camila Macedo cmacedo@redhat.com
Description of the change:
Motivation for the change:
Checklist
If the pull request includes user-facing changes, extra documentation is required:
- `changelog/fragments` (see `changelog/fragments/00-template.yaml`)
- `website/content/en/docs`