Open konire opened 5 months ago
@reddy-srinivas @ravitejamekapega Can you please take a look?
@konire @kishorv10 @reddy-srinivas @ravitejamekapega,
Perhaps this can be looked at more generically.
I am facing customisations to the template files due to company security settings and therefore for all containers/pods I need to add the following:
```yaml
securityContext:
  runAsNonRoot: true
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
  seccompProfile:
    type: RuntimeDefault
```
It would be great if these securityContext values can be specified in the values.yaml, so at the global level and be fully inherited by all underlying templates or charts.
Especially on in-company shared k8s platforms, security becomes more and more important.
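An added example, not part of the thread or of the Pega charts: a check that every container and init container in a rendered manifest ends up with the four settings requested above, taking into account that only `runAsNonRoot` and `seccompProfile` can be inherited from the pod-level securityContext. It assumes manifests are already loaded as dicts (for instance from JSON output of the rendered chart); `SAMPLE`, `pod_spec` and `audit` are hypothetical names and the sample data is constructed.

```python
# Constructed sample (not from the Pega charts): one Deployment, three containers.
SAMPLE = {
    "kind": "Deployment", "metadata": {"name": "example-web"},
    "spec": {"template": {"spec": {
        "securityContext": {"runAsNonRoot": True,
                            "seccompProfile": {"type": "RuntimeDefault"}},
        "initContainers": [{"name": "init-db"}],
        "containers": [
            {"name": "app", "securityContext": {
                "allowPrivilegeEscalation": False, "capabilities": {"drop": ["ALL"]}}},
            {"name": "sidecar", "securityContext": {
                "runAsNonRoot": False, "allowPrivilegeEscalation": False,
                "capabilities": {"drop": ["NET_RAW"]}}},
        ],
    }}},
}

def pod_spec(obj):
    """Return the pod spec of a Pod, CronJob or templated workload, else None."""
    spec = obj.get("spec") or {}
    if obj.get("kind") == "Pod":
        return spec
    if obj.get("kind") == "CronJob":
        spec = (spec.get("jobTemplate") or {}).get("spec") or {}
    return (spec.get("template") or {}).get("spec")

def audit(obj):
    """List (workload, container, missing settings) for each non-compliant container."""
    findings = []
    spec = pod_spec(obj) or {}
    pod_sc = spec.get("securityContext") or {}
    name = f"{obj.get('kind')}/{(obj.get('metadata') or {}).get('name')}"
    for group in ("initContainers", "containers"):
        for c in spec.get(group) or []:
            sc = c.get("securityContext") or {}
            # Pod-level values are inherited for these two; the container value wins.
            non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
            seccomp = (sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}).get("type")
            drops = [d.upper() for d in (sc.get("capabilities") or {}).get("drop") or []]
            checks = {  # the middle two exist only at container level
                "runAsNonRoot": non_root is True,
                "allowPrivilegeEscalation": sc.get("allowPrivilegeEscalation") is False,
                "capabilities.drop": "ALL" in drops,
                "seccompProfile": seccomp == "RuntimeDefault",
            }
            missing = [k for k, ok in checks.items() if not ok]
            if missing:
                findings.append((name, c.get("name"), missing))
    return findings

for finding in audit(SAMPLE):
    print(*finding)
```

The init container is flagged even though the pod-level context is set, which is the case to watch for with jobs that a chart starts outside the main deployment.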
@dekke046 Are you asking for SRS subchart or backing services or Pega charts? Can you be specific?
@kishorv10
At least I had to make securityContext changes to the following files for the Pega chart:
./charts/pegasearch/templates/pega-search-deployment.yaml
./templates/_pega-deployment.tpl
./templates/_helpers.tpl
For the backingservices:
./charts/srs/templates/srsservice_deployment.yaml
I have not checked the addons charts files yet.
I only did helm install, do not yet have any experience with helm upgrade for version upgrade activities, that will probably start a container doing all the database upgrade SQL work and also needs to have the proper securityContext settings.
@dekke046 Pegasearch sub chart deployment (./charts/pegasearch/templates/pega-search-deployment.yaml) is deprecated and for 8.6 and above version it is recommended to use SRS backing services. Latest enhancements are not provided to it. More details are here
Are both the Pegasearch subchart and SRS backing service utilized in your deployment?
The current ask is partially completed in #750. Start using the feature and revert in case of any issues.
> @dekke046 Pegasearch sub chart deployment (./charts/pegasearch/templates/pega-search-deployment.yaml) is deprecated and for 8.6 and above version it is recommended to use SRS backing services. Latest enhancements are not provided to it. More details are here
> Are both the Pegasearch subchart and SRS backing service utilized in your deployment?
Thank you, we will move towards SRS soon!
> The current ask is partially completed in #750. Start using the feature and revert in case of any issues.
Excellent @kishorv10 , We will test this feature.
Is your feature request related to a problem? Please describe. The SRS chart currently does not support setting the securityContext on pod or container.
Describe the solution you'd like I'd like to (optionally) set the securityContext.
Describe alternatives you've considered n/a
Additional context n/a