From 6d7c338af33c14ec577711b1925362c6819a8db0 Mon Sep 17 00:00:00 2001
From: Patria Lukman
Date: Sat, 24 Apr 2021 04:44:46 -0400
Subject: [PATCH] =?UTF-8?q?Adding=20privileged,=20allowPrivilegedEscalatio?= =?UTF-8?q?n=20and=20readOnlyRootFilesyst=E2=80=A6=20(#473)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Adding privileged, allowPrivilegedEscalation and readOnlyRootFilesystem to container security context, also adjusting deployment.yaml ##### ISSUE TYPE - Feature Pull Request ##### SUMMARY Need to add more granular control to the container's security context. I'd need to add these extra attributes as well as liveness and readiness probes. Is this is something that can be included in the code? thank you !
---
 helm/botkube/templates/deployment.yaml | 4 ++++
 helm/botkube/values.yaml | 5 +++++
 2 files changed, 9 insertions(+)
diff --git a/helm/botkube/templates/deployment.yaml b/helm/botkube/templates/deployment.yaml
index e3d9faa..d7b8c0e 100644
--- a/helm/botkube/templates/deployment.yaml
+++ b/helm/botkube/templates/deployment.yaml
@@ -40,6 +40,10 @@ spec:
 - name: {{ .Chart.Name }}
 image: "{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}"
 imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- if .Values.containerSecurityContext }}
+ securityContext:
+ {{- toYaml .Values.containerSecurityContext | nindent 12 }}
+ {{ end }}
 volumeMounts:
 - name: config-volume
 mountPath: "/config"
diff --git a/helm/botkube/values.yaml b/helm/botkube/values.yaml
index ec80647..c59c9e3 100644
--- a/helm/botkube/values.yaml
+++ b/helm/botkube/values.yaml
@@ -27,6 +27,11 @@ securityContext:
 runAsUser: 101
 runAsGroup: 101
+containerSecurityContext:
+ privileged: false
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+
 # set one of the log levels- info, warn, debug, error, fatal, panic
 logLevel: info
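Review bot: The closing `{{ end }}` on the last added line of the deployment.yaml hunk has no left trim, so the rendered manifest keeps a whitespace-only line between the `securityContext` block and `volumeMounts:`; `{{- end }}` matches the `{{- if` opener and renders cleanly. Because the guard is a plain truthiness test, an override that empties `containerSecurityContext` drops the whole block and the container falls back to the runtime defaults, which deserves a one-line comment next to the key in values.yaml. Indentation is not recoverable in this view, so confirm with `helm template` that `nindent 12` places the fields under `securityContext:`. The container spec starts and ends outside the hunk.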
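Review bot: The new `containerSecurityContext` defaults in values.yaml leave the runtime's default Linux capability set in place, since `privileged: false` and `allowPrivilegeEscalation: false` do not drop capabilities; assuming the bot needs none, add `capabilities: {drop: ["ALL"]}`, and `runAsNonRoot: true` to go with the `runAsUser: 101` in the context lines. `readOnlyRootFilesystem: true` is a good default, but the deployment hunk shows only the `/config` mount, so if the process writes anywhere else (temporary files, caches) it will fail at run time; that is worth testing, and an `emptyDir` for any such path would let the setting stay on. The key also has no comment, unlike `logLevel` below it; something like `# container-level securityContext for the botkube container` would help.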