petewall
commented
1 month ago This comes from an escalation: https://github.com/grafana/support-escalations/issues/10230
Closed petewall closed 1 month ago
petewall
commented
1 month ago This comes from an escalation: https://github.com/grafana/support-escalations/issues/10230
This creates three security context constraints objects now, one for each Alloy instance. The code does template once and invokes that template three times (the logs template will enable hostpath permissions if it's using volume based log gathering)
It does not set the user id to non-root.
It does add a set of capabilities that was listed in another issue. At some point, I'll need to sync with the alloy team for the minimal set required here.