Adding privileged, allowPrivilegedEscalation and readOnlyRootFilesyst… (

#473) Adding privileged, allowPrivilegedEscalation and readOnlyRootFilesystem to container security context, also adjusting deployment.yaml ##### ISSUE TYPE - Feature Pull Request ##### SUMMARY Need to add more granular control to the container's security context. I'd need to add these extra attributes as well as liveness and readiness probes. Is this is something that can be included in the code? thank you !
kubeshop · Apr 24, 2021 · 6d7c338 · 6d7c338
1 parent 9f9d372
commit 6d7c338
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 0 deletions.
diff --git a/helm/botkube/templates/deployment.yaml b/helm/botkube/templates/deployment.yaml
@@ -40,6 +40,10 @@ spec:
         - name: {{ .Chart.Name }}
           image: "{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
+          {{- if .Values.containerSecurityContext }}
+          securityContext:
+          {{- toYaml .Values.containerSecurityContext | nindent 12 }}
+          {{ end }}
           volumeMounts:
             - name: config-volume
               mountPath: "/config"

diff --git a/helm/botkube/values.yaml b/helm/botkube/values.yaml
@@ -27,6 +27,11 @@ securityContext:
   runAsUser: 101
   runAsGroup: 101
 
+containerSecurityContext:
+  privileged: false
+  allowPrivilegeEscalation: false
+  readOnlyRootFilesystem: true
+
 # set one of the log levels- info, warn, debug, error, fatal, panic
 logLevel: info