Grafana securityContext

securityContext with readOnlyRootFilesystem is implemented at container
level and leveraged the helm-toolkit snippet

Change-Id: I98ca4211e0e236beb3dfe0e11cf5bb10a91b16a6
This commit is contained in:
Rahul Khiyani 2019-03-13 17:27:36 -04:00
parent 77b37ca520
commit 33897b9a01
2 changed files with 8 additions and 6 deletions

View File

@ -44,8 +44,6 @@ spec:
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
securityContext:
readOnlyRootFilesystem: true
{{ dict "envAll" $envAll "application" "grafana" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
serviceAccountName: {{ $serviceAccountName }}
nodeSelector:
@ -56,8 +54,7 @@ spec:
- name: grafana
{{ tuple $envAll "grafana" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.grafana | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
allowPrivilegeEscalation: false
{{ dict "envAll" $envAll "application" "grafana" "container" "grafana" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
command:
- /tmp/grafana.sh
- start

View File

@ -43,9 +43,14 @@ labels:
node_selector_value: enabled
pod:
user:
security_context:
grafana:
uid: 104
pod:
runAsUser: 104
container:
grafana:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
affinity:
anti:
type: