-
Notifications
You must be signed in to change notification settings - Fork 662
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RunAsUser and RunAsGroup not exposed from helm chart deployment #1065
Comments
thanks for bring it here, i will have a check and update soon |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /close not-planned |
@k8s-triage-robot: Closing this issue, marking it as "Not Planned". In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Is your feature request related to a problem? Please describe.
The securityContext defined here in the helm chart template for deployment doesn't have runAsUser and runAsGroup defined. As a security best practice, it would be great if we could run the processes as non-root. In fact, a user of 1000 is defined in Dockerfile here but not defined in the template.
Describe the solution you'd like
An ideal solution is to offer the securityContext block from values.yaml instead of being hardcoded in the deployment template
Describe alternatives you've considered
Not defining a runAsUser and runAsGroup (which is not ideal in our case)
What version of descheduler are you using?
descheduler version: 0.26.0
Additional context
None
The text was updated successfully, but these errors were encountered: