This is a follow-up of #149.
It allows users to set the pod's securityContext, volumes, automountServiceAccountToken as well as container volumeMounts on the install-job pod.
This can be used so that workloads conform with CIS, BSI or NSA security standards.
Proof of work
most of it is included in unittests
i ran a manual test to the installation procedure, see below
What this PR does / why we need it:
This is a follow-up of #149. It allows users to set the pod's
securityContext
,volumes
,automountServiceAccountToken
as well as containervolumeMounts
on the install-job pod. This can be used so that workloads conform withCIS
,BSI
orNSA
security standards.Proof of work
I modified the values like this:
Then did a
helm template . | tee flux.install.yaml | kubectl apply -f -
. here a extract from the install job yaml:Installation went smoothly, pods are up and running:
Which issue this PR fixes
Special notes for your reviewer:
Checklist
make reviewable