Add seccompProfile as valid podSecurityContext property #375
Conversation
| @@ -313,6 +313,16 @@ | |||
| "type": "integer", | |||
| "title": "FS Group", | |||
| "description": "set server pod's security context fsGroup" | |||
| }, | |||
| "seccompProfile": { | |||
| "type": "object", | |||
There was a problem hiding this comment.
is additionalProperties defaulting to true here (eg. if you need to pass localhostProfile)? or do we need to explicitly set it here?
There was a problem hiding this comment.
Hi @dk-oc - just following up here.
There was a problem hiding this comment.
Sorry I missed the notification.
As far as I understand it defaults to true if a podSecurityContext is set.
I use a values.yml as such and can deploy the chart in the restricted environment I am running
server:
containerSecurityContext:
capabilities:
drop: ["ALL"]
podSecurityContext:
seccompProfile:
type: RuntimeDefault
There was a problem hiding this comment.
@dk-oc - I believe the question was more about what happens if you set type: Localhost, as that one requires an extra field to be set named localhostProfile:
securityContext:
seccompProfile:
type: Localhost
localhostProfile: my-profiles/profile-allow.jsonWe'd need to either set additionalProperties here, or explicitly define the localhostProfile
|
@dk-oc going to close this PR for now. Feel free to reopen in the future. |
It seems I can not reopen this PR I could only create a new one. |
|
I reopened it for ya @dk-oc 👍🏼 |
|
@mitchnielsen Thank you. |
|
Thanks for checking in @dk-oc, I missed the added commits. I took a look and left a comment in the thread above. |
Looking at the chart i saw that only the allowed values prohibit setting seccompProfile.
This would fix: #374