From bf5840fa7a5a8694f43c25c3aa2a3b0b1638e21c Mon Sep 17 00:00:00 2001
From: Steve Wilkerson <wilkers.steve@gmail.com>
Date: Thu, 3 Jan 2019 16:19:03 -0600
Subject: [PATCH] Grafana: Add container security context

This adds the container security context to grafana, which
explicitly sets allowPrivilegeEscalation to false

Change-Id: I3723a0c96699b9a517dafa2df08bf8cc916bf117
---
 grafana/templates/deployment.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/grafana/templates/deployment.yaml b/grafana/templates/deployment.yaml
index b703792c3..f74f40f01 100644
--- a/grafana/templates/deployment.yaml
+++ b/grafana/templates/deployment.yaml
@@ -54,6 +54,8 @@ spec:
         - name: grafana
 {{ tuple $envAll "grafana" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.grafana | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+          securityContext:
+            allowPrivilegeEscalation: false
           command:
             - /tmp/grafana.sh
             - start