Add securityContext for init and sidecar containers #1651

Merged (1 commit) on Jun 27, 2023

shtripat
Contributor

If we run the operator in k8s 1.25.x, which has PSA, MinIO is unable to run in a restricted namespace. This would allow MinIO to run in a restricted namespace by using `allowPrivilegeEscalation: false`.

```
apiVersion: v1
kind: Pod
metadata:
  name: <Pod name>
spec:
  containers:
  - name: <container name>
    image: <image>
    securityContext:
      allowPrivilegeEscalation: false
```

Fixes: #1606

Signed-off-by: Shubhendu Ram Tripathi <shubhendu@minio.io>
@dvaldivia dvaldivia requested a review from jiuker June 22, 2023 18:16
@jiuker jiuker self-requested a review June 24, 2023 01:31
@pjuarezd pjuarezd merged commit ff7a2c7 into minio:master Jun 27, 2023
Successfully merging this pull request may close these issues.

Init containers and sidecar containers are missing container security context
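
A check for the condition this pull request addresses, as an added example that is not part of the PR or the operator's code: it lists every init, regular and ephemeral container in a manifest that does not set `allowPrivilegeEscalation: false`, which the restricted Pod Security Standard requires on each container. It goes beyond the single-container snippet in the description by also reading workload manifests that embed a pod under `spec.template`; the sample manifest and all names in it are constructed.

```python
import json

# Container lists the Pod Security "restricted" profile inspects. The field is
# container-level only, so a pod-level securityContext cannot supply it.
CONTAINER_FIELDS = ("initContainers", "containers", "ephemeralContainers")

def pod_spec(manifest):
    """Return the pod spec of a Pod, or of a workload that embeds a pod template."""
    spec = manifest.get("spec") or {}
    template = spec.get("template")
    if isinstance(template, dict):
        return template.get("spec") or {}
    return spec

def missing_no_privilege_escalation(manifest):
    """List (field, container name) pairs lacking allowPrivilegeEscalation: false."""
    findings = []
    spec = pod_spec(manifest)
    for field in CONTAINER_FIELDS:
        for container in spec.get(field) or []:
            ctx = container.get("securityContext") or {}
            # Unset counts as a finding: the restricted profile requires the
            # field to be present and false, not merely absent.
            if ctx.get("allowPrivilegeEscalation") is not False:
                findings.append((field, container.get("name", "<unnamed>")))
    return findings

# Constructed sample: the main container is hardened, the init container and
# the sidecar are not. All names and images are hypothetical.
SAMPLE_POD = json.loads("""
{"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "example-pod"},
 "spec": {
  "initContainers": [{"name": "init-example", "image": "example/init:0"}],
  "containers": [
   {"name": "app-example", "image": "example/app:0",
    "securityContext": {"allowPrivilegeEscalation": false}},
   {"name": "sidecar-example", "image": "example/sidecar:0",
    "securityContext": {"runAsNonRoot": true}}]}}
""")

if __name__ == "__main__":
    for field, name in missing_no_privilege_escalation(SAMPLE_POD):
        print(f"{field}/{name}: allowPrivilegeEscalation is not false")
```

The input is the JSON form of a manifest, for example the output of `kubectl get pod <Pod name> -o json`.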