Skip to content
Snippets Groups Projects
Commit 2584bec1 authored by Remi  PLANEL's avatar Remi PLANEL
Browse files

configure security context for some services

parent 0518a512
No related branches found
No related tags found
No related merge requests found
Pipeline #154492 passed
...@@ -270,7 +270,8 @@ auth: ...@@ -270,7 +270,8 @@ auth:
# If not set and create is true, a name is generated using the fullname template # If not set and create is true, a name is generated using the fullname template
name: "" name: ""
podAnnotations: {} podAnnotations: {}
podSecurityContext: {} podSecurityContext:
runAsUser: 1000
# fsGroup: 2000 # fsGroup: 2000
securityContext: securityContext:
# capabilities: # capabilities:
...@@ -529,15 +530,16 @@ meta: ...@@ -529,15 +530,16 @@ meta:
# If not set and create is true, a name is generated using the fullname template # If not set and create is true, a name is generated using the fullname template
name: "" name: ""
podAnnotations: {} podAnnotations: {}
podSecurityContext: {} podSecurityContext:
runAsUser: 1000
# fsGroup: 2000 # fsGroup: 2000
securityContext: {} securityContext:
# capabilities: # capabilities:
# drop: # drop:
# - ALL # - ALL
# readOnlyRootFilesystem: true # readOnlyRootFilesystem: true
# runAsNonRoot: true # runAsNonRoot: true
# runAsUser: 1000 runAsUser: 1000
service: service:
type: ClusterIP type: ClusterIP
port: 8080 port: 8080
...@@ -604,15 +606,16 @@ storage: ...@@ -604,15 +606,16 @@ storage:
# If not set and create is true, a name is generated using the fullname template # If not set and create is true, a name is generated using the fullname template
name: "" name: ""
podAnnotations: {} podAnnotations: {}
podSecurityContext: {} podSecurityContext:
runAsUser: 1000
# fsGroup: 2000 # fsGroup: 2000
securityContext: {} securityContext:
# capabilities: # capabilities:
# drop: # drop:
# - ALL # - ALL
# readOnlyRootFilesystem: true # readOnlyRootFilesystem: true
# runAsNonRoot: true # runAsNonRoot: true
# runAsUser: 1000 runAsUser: 1000
service: service:
type: ClusterIP type: ClusterIP
port: 5000 port: 5000
...@@ -779,15 +782,16 @@ kong: ...@@ -779,15 +782,16 @@ kong:
# If not set and create is true, a name is generated using the fullname template # If not set and create is true, a name is generated using the fullname template
name: "" name: ""
podAnnotations: {} podAnnotations: {}
podSecurityContext: {} podSecurityContext:
runAsUser: 100
# fsGroup: 2000 # fsGroup: 2000
securityContext: {} securityContext:
# capabilities: # capabilities:
# drop: # drop:
# - ALL # - ALL
# readOnlyRootFilesystem: true # readOnlyRootFilesystem: true
# runAsNonRoot: true # runAsNonRoot: true
# runAsUser: 1000 runAsUser: 100
service: service:
type: ClusterIP type: ClusterIP
port: 8000 port: 8000
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment