-
Notifications
You must be signed in to change notification settings - Fork 761
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add securityContext definitions on container level #1673
Conversation
Signed-off-by: Raul Garcia Sanchez <[email protected]>
what are the default settings, if this is not set? The reason I am asking is the implications of this change to backwards compatibility |
@Vad1mo default values are as followed on container level:
|
Having that would partially solve the problem of non-compliance with restricted |
@rgarcia89 If these changes would get merged (with |
@Kajot-dev valid point. I will add the |
Signed-off-by: Raul Garcia Sanchez <[email protected]>
Signed-off-by: Raul Garcia Sanchez <[email protected]>
@rgarcia89 Thanks, looks nice! |
Perfect, so we only need to find a second reviewer. |
#456 |
@rgarcia89 Would it be possible to add
|
Signed-off-by: Raul Garcia Sanchez <[email protected]>
@Kajot-dev sure - I just added them. |
Hi @rgarcia89 , @Kajot-dev Thanks for both of your contributions on the PSP and security contexts. By reviewing both of pt-1763 and pr1666, I have a few thoughts combined with some of our downstream usage scenario:
I made a sample PR https://github.com/goharbor/harbor-helm/pull/1695/files for more details |
@MinerYang imho, I'm fine with both approaches. I'm fine with making them configurable through the values file, just as much as hardcoding them into the specific YAMLs. I opted for the latter initially, believing there isn't much reason for anyone to modify them. Nevertheless, if you prefer them to be modifiable, I propose we close my PR and proceed with yours. My main goal is to ensure that we integrate this into the Helm chart, regardless of the method ;) |
Thanks @rgarcia89 . |
Thanks @rgarcia89 ! Will close this PR and please help to review #1695 as we discussed. |
Deployment hardening by adding / updating the securityContext definitions on container level.