In the concourse-web pod, the primary container supports a user-configurable securityContext. However, the "migration" initContainer does not, which causes automated security assessement tools (in my case, Fairwinds Polaris) to fail the entire pod.
Changes proposed in this pull request
This PR simply adds the same securityContext used for the concourse-web primary containier, to the migration initContainer
Contributor Checklist
[X] Variables are documented in the README.md
[X] Which branch are you merging into?
master is for changes related to the current release of the concourse/concourse:latest image and should be good to publish immediately
dev is for changes related to the next release of Concourse (aka unpublished code on master in concourse/concourse)
Reviewer Checklist
This section is intended for the core maintainers only, to track review progress. Please do not
fill out this section.
[ ] Code reviewed
[ ] Topgun tests run
[ ] Back-port if needed
[ ] Is the correct branch targeted? (master or dev)
Signed-off-by: David Young davidy@funkypenguin.co.nz
Existing Issue
Fixes # .
Why do we need this PR?
In the concourse-web pod, the primary container supports a user-configurable securityContext. However, the "migration" initContainer does not, which causes automated security assessement tools (in my case, Fairwinds Polaris) to fail the entire pod.
Changes proposed in this pull request
This PR simply adds the same securityContext used for the concourse-web primary containier, to the migration initContainer
Contributor Checklist
README.mdmasteris for changes related to the current release of theconcourse/concourse:latestimage and should be good to publish immediatelydevis for changes related to the next release of Concourse (aka unpublished code onmasterin concourse/concourse)Reviewer Checklist