Sok3t/descheduler
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/descheduler.git synced 2026-01-28 06:29:29 +01:00
Code Packages Releases Activity

Merge pull request #1066 from JaneLiuL/securitycontext

Browse Source 
expose security context from helm chart
This commit is contained in:
Kubernetes Prow Robot
2023-03-09 17:32:32 -08:00
committed by GitHub
parent 710611527c 12965c4660
commit 85e9f86e85
3 changed files with 12 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
charts/descheduler/templates/cronjob.yaml
View File

@@ -81,13 +81,7 @@ spec:
resources: resources:
{{- toYaml .Values.resources | nindent 16 }} {{- toYaml .Values.resources | nindent 16 }}
securityContext: securityContext:
allowPrivilegeEscalation: false {{- toYaml .Values.securityContext | nindent 16 }}
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
volumeMounts: volumeMounts:
- mountPath: /policy-dir - mountPath: /policy-dir
name: policy-volume name: policy-volume

8
charts/descheduler/templates/deployment.yaml
View File

@@ -65,13 +65,7 @@ spec:
resources: resources:
{{- toYaml .Values.resources | nindent 12 }} {{- toYaml .Values.resources | nindent 12 }}
securityContext: securityContext:
allowPrivilegeEscalation: false {{- toYaml .Values.securityContext | nindent 12 }}
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
volumeMounts: volumeMounts:
- mountPath: /policy-dir - mountPath: /policy-dir
name: policy-volume name: policy-volume

10
charts/descheduler/values.yaml
View File

@@ -22,6 +22,16 @@ resources:
# cpu: 100m # cpu: 100m
# memory: 128Mi # memory: 128Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
nameOverride: "" nameOverride: ""
fullnameOverride: "" fullnameOverride: ""