DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Chart: Explicitly set runAsGroup. (#11679)

Browse source 
* Chart: Explicitly set `runAsGroup`.

Set a default value for the runAsGroup in container securityContexts of
the controller and default backend.

Also set the runAsGroup for opentelemetry and webhook Job container
securityContexts.

Signed-off-by: Gerald Pape <gerald@giantswarm.io>

* Apply suggestions from code review

Co-authored-by: Marco Ebert <marco_ebert@icloud.com>

---------

Signed-off-by: Gerald Pape <gerald@giantswarm.io>
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
This commit is contained in:
Gerald Pape 2024-07-29 15:27:15 +02:00 committed by GitHub
parent 04899b27a9
commit 36df47fcc4
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
6 changed files with 44 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

2
charts/ingress-nginx/templates/_helpers.tpl
View file

@ -47,6 +47,7 @@ Controller container security context.
{{- else -}}
runAsNonRoot: {{ .Values.controller.image.runAsNonRoot }}
runAsUser: {{ .Values.controller.image.runAsUser }}
runAsGroup: {{ .Values.controller.image.runAsGroup }}
allowPrivilegeEscalation: {{ or .Values.controller.image.allowPrivilegeEscalation .Values.controller.image.chroot }}
{{- if .Values.controller.image.seccompProfile }}
seccompProfile: {{ toYaml .Values.controller.image.seccompProfile | nindent 2 }}
@ -222,6 +223,7 @@ Default backend container security context.
{{- else -}}
runAsNonRoot: {{ .Values.defaultBackend.image.runAsNonRoot }}
runAsUser: {{ .Values.defaultBackend.image.runAsUser }}
runAsGroup: {{ .Values.defaultBackend.image.runAsGroup }}
allowPrivilegeEscalation: {{ .Values.defaultBackend.image.allowPrivilegeEscalation }}
{{- if .Values.defaultBackend.image.seccompProfile }}
seccompProfile: {{ toYaml .Values.defaultBackend.image.seccompProfile | nindent 2 }}