Add VGC security context
Change-Id: I2ede9b0f131a6244cee7b53f2d7ea0ab276d541d
Signed-off-by: abhayk <abhayk@radisys.com>
diff --git a/voltha-go-controller/Chart.yaml b/voltha-go-controller/Chart.yaml
index ffe12d6..2e40067 100644
--- a/voltha-go-controller/Chart.yaml
+++ b/voltha-go-controller/Chart.yaml
@@ -27,6 +27,6 @@
## Chart version for package voltha-stack
## Increment when Chart.yaml changes
-version: "0.1.6"
+version: "0.1.7"
# [EOF]
diff --git a/voltha-go-controller/templates/deployment.yaml b/voltha-go-controller/templates/deployment.yaml
index 0e2ffa0..8b28dc8 100644
--- a/voltha-go-controller/templates/deployment.yaml
+++ b/voltha-go-controller/templates/deployment.yaml
@@ -28,6 +28,12 @@
labels:
app: "{{ .Chart.Name }}"
spec:
+ {{- if .Values.securityContext.enabled }}
+ securityContext:
+ runAsUser: {{ .Values.securityContext.runAsUser }}
+ runAsGroup: {{ .Values.securityContext.runAsGroup }}
+ fsGroup: {{ .Values.securityContext.fsGroup }}
+ {{- end }}
containers:
- args:
- "/app/voltha-go-controller"
@@ -69,10 +75,10 @@
name: voltha-go-controller
image: '{{ tpl .Values.images.voltha_go_controller.registry . }}{{ tpl .Values.images.voltha_go_controller.repository . }}:{{ tpl ( tpl .Values.images.voltha_go_controller.tag . ) . }}'
imagePullPolicy: {{ tpl .Values.images.voltha_go_controller.pullPolicy . }}
+ {{- if .Values.securityContext.enabled }}
securityContext:
- runAsUser: {{ .Values.securityContext.runAsUser }}
- runAsGroup: {{ .Values.securityContext.runAsGroup }}
- fsGroup: {{ .Values.securityContext.fsGroup }}
+ allowPrivilegeEscalation: false
+ {{- end }}
ports:
- containerPort: {{ .Values.voltha_go_controller.sshPort }}
name: ssh-port