Closed embik closed 1 year ago
/cc @mjudeikis
LGTM label has been added.
/approve /lgtm
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: mjudeikis
The full list of commands accepted by this bot can be found here.
The pull request process is described here
This PR adds what I mentioned over in the previous PR (https://github.com/kcp-dev/helm-charts/pull/38#discussion_r1253102023) to the kcp pod templates. I took the liberty to also enable seccomp profiles by default, a small security improvements usually recommended. I don't think kcp does any crazy syscalls that we would need to allow outside of seccomp.
The fsGroup is chosen based on the kcp Dockerfile setting the image up to use this user and group ID by default. For some environments, this is a necessary setting so the mounted PVC gets reconfigured correctly.