-
-
Notifications
You must be signed in to change notification settings - Fork 540
fix: set security context for init intercept #3803
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: set security context for init intercept #3803
Conversation
3334576
to
816a87b
Compare
816a87b
to
140425b
Compare
I suspect that this might be a breaking change. I would prefer to see an option to inject the securityContext as a whole from the helm-chart, similar to how we handle the agent:
logLevel:
resources: { }
initResources: { } Adding a initSecurityContext: {} here, inject its JSON as an environment variable unless empty in the deployment.yaml, and then add the logic needed to use that environment variable, would make the securityContext fully configurable. |
68b2fe7
to
62c0073
Compare
Signed-off-by: Sophian Mehboub <[email protected]>
a3bac92
to
7a92810
Compare
Signed-off-by: Sophian Mehboub <[email protected]>
7a92810
to
1b088e0
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks promising, but it removes the default securityContext with the NET_ADMIN
capability. That's still a breaking change. The default must remain.
Signed-off-by: Sophian Mehboub <[email protected]>
c49fba9
to
6e7fa64
Compare
Hello @thallgren |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks great. Thanks for providing this!
Fixes: #3804