Open akefirad opened 1 year ago
This issue has not received any attention in 1 year and will be closed soon. If you want to keep it open, please leave a comment below @mentioning a maintainer.
👋
The problem here is that we generate a default security context for containers, regardless of whether the deployment has its own context - thus overriding it. I think its reasonable to first check if the deployment has a security context, and only set a default if it doesn't. This will allow k8s to apply the correct hierarchal context behavior.
Description of the feature or enhancement:
I'm not entirely sure, but shouldn't the security context of a Deployment object be used in its pods?
Use Case:
Let's say we have a Deployment object like below:
If you generate the manifest using the above, the pod still gets
ensureNonRoot: true
. Is that intended? Currently you have to set the property to false in both places; i.e. in Deployment and Container.Proposed Solution:
Does it make sense to use the deployment security context as a default value for its pods?
Other:
N/A
This is a :rocket: Feature Request