-
Notifications
You must be signed in to change notification settings - Fork 112
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Kube lint #39
base: master
Are you sure you want to change the base?
Kube lint #39
Conversation
You'll need to bump the chart version as well. Please bump the minor version for this change. |
done |
Signed-off-by: Jirka Kremser <jiri.kremser@gmail.com>
Signed-off-by: Jirka Kremser <jiri.kremser@gmail.com>
Signed-off-by: Jirka Kremser <jiri.kremser@gmail.com>
ah, I didn't realize you actually require the containers to run under root with the default settings. That's why the tests are currently failing, so I am setting it to |
I notice that the default CoreDNS deployment in EKS seems to have this security context: securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities:
add:
- NET_BIND_SERVICE
drop:
- all Would that help get around some of the downsides of not being able to set |
Hi, thanks for the PR. I believe that @sarahhodne approach will do the trick in working areound running as non root. Please rebase and bump the chart version |
before this change:
after this change:
Also updating the links in the comments, because the old ones no longer work (I've tried them all and they do work w/ the new k8s api docs)