Open rbogendoerfer opened 1 month ago
Hi, @rbogendoerfer #750 delivers most of the required functionality. Kindly check the latest helm charts & let us know if you have further questions.
Hi @kishorv10 , #750 only provides the possibility to set the securityContext at the pod level, but not at the container level. Certain security restrictions (e.g. capabilities.drop "ALL") must be set at the container level. Hence the option to set the securityContext for containers is required.
Is your feature request related to a problem? Please describe. Many clients require that the security settings for Kubernetes deployments are very strict. One example is setting the Pod Security Admission to restricted:
Running the default deployment with those settings will result in an error message and prevent the deployment from starting:
Describe the solution you'd like For all deployments (pega tiers, srs, pega-hazelcast/clustering-service, Constellation appstatic and messaging, etc.) it should be possible to specify a securityContext for the pod (this is already in place for many deployments) and for the container!
Example:
Describe alternatives you've considered The only alternative that I can think of is downloading the helm charts and modifying the deployment templates.