projectcalico / calico

Cloud native networking and network security
https://docs.tigera.io/calico/latest/about/
Apache License 2.0

Improvement: Ability to set SecurityContext #7282

Open OS-marcelopereira opened 1 year ago

OS-marcelopereira commented 1 year ago

Improvement: Ability to set SecurityContext

Expected Behavior

I have a use case where I need to set a SecurityContext block on the APIServer deployment, the apiserver container and componentResources, in order to comply with security requirements.

Looking at the documentation, I see that such a thing is not available for the APIServerDeploymentContainer, APIServerDeploymentContainer and APIServerDeploymentContainer.

Is this something that might be possible in the future?

Calico version: v3.24.5

caseydavenport commented 1 year ago

Yep, looks like we hard-code a security context here: https://github.com/tigera/operator/blob/master/pkg/render/apiserver.go#L940

It should be possible to expose an option for this, although we need to be careful not to expose an option that can easily break users' clusters.

clayvan commented 12 months ago

https://github.com/tigera/operator/issues/2720

flo-mic commented 8 months ago

Is there any update on this?

caseydavenport commented 8 months ago

Just waiting on someone to pick up the torch for this one - I think it's generally agreed to be a good thing. Any takers?