Skip to content

Commit

Permalink
Default podSecurityContext to run as 65534:65534
Browse files Browse the repository at this point in the history 
This is required for clusters with a runAsNonRoot policy for regular workload
(eg. Lokomotive).
  • Loading branch information
@mkilchhofer
mkilchhofer committed Mar 9, 2021
1 parent 7915948 commit ba3ad0b
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 2 deletions.
2 changes: 1 addition & 1 deletion charts/nebraska/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ $ helm install my-nebraska nebraska/nebraska
| `strategy.rollingUpdate.maxSurge` | The maximum number of pods that can be scheduled above the desired number of pods (Only applies when `strategy.type` is `RollingUpdate`) | `nil` |
| `strategy.rollingUpdate.maxUnavailable` | The maximum number of pods that can be unavailable during the update (Only applies when `strategy.type` is `RollingUpdate`) | `nil` |
| `podAnnotations` | Annotations for pods | `nil` |
| `podSecurityContext` | Holds pod-level security attributes and common container settings | `nil` |
| `podSecurityContext` | Holds pod-level security attributes and common container settings | Check `values.yaml` file |
| `securityContext` | Security options the container should run with | `nil` |
| `service.type` | Kubernetes Service type | `ClusterIP` |
| `service.port` | Kubernetes Service port | `80` |
Expand Down
4 changes: 3 additions & 1 deletion charts/nebraska/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -94,7 +94,9 @@ strategy:

podAnnotations: {}

podSecurityContext: {}
podSecurityContext:
runAsUser: 65534
runAsGroup: 65534
# fsGroup: 2000

securityContext: {}
Expand Down

0 comments on commit ba3ad0b

Please sign in to comment.