From d0a93d3370c127b4980f3e9d1059b1f6e85cb82c Mon Sep 17 00:00:00 2001
From: Cliff Parsons <cliff.parsons@att.com>
Date: Wed, 6 Mar 2019 16:19:51 -0600
Subject: [PATCH] Fix placement of privilege escalation in Glance.

In a previous patch set (https://review.openstack.org/#/c/629300/),
the "allowPrivilegeEscalation" flag was set to false for one of the
init containers, but it was intended to be used for the glance-api
container.

Change-Id: If2d83d82a720d7a1a39729bbf3bddc226af3ba20
---
 glance/templates/deployment-api.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/glance/templates/deployment-api.yaml b/glance/templates/deployment-api.yaml
index cafe3a5252..e7c4ec62a9 100644
--- a/glance/templates/deployment-api.yaml
+++ b/glance/templates/deployment-api.yaml
@@ -71,8 +71,6 @@ spec:
         {{ if eq .Values.storage "rbd" }}
         - name: ceph-keyring-placement
 {{ tuple $envAll "glance_api" | include "helm-toolkit.snippets.image" | indent 10 }}
-          securityContext:
-            allowPrivilegeEscalation: false
           env:
             - name: RBD_STORE_USER
               value: {{ .Values.conf.glance.glance_store.rbd_store_user | quote }}
@@ -94,6 +92,8 @@ spec:
         - name: glance-api
 {{ tuple $envAll "glance_api" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+          securityContext:
+            allowPrivilegeEscalation: false
           command:
             - /tmp/glance-api.sh
             - start