security context for init container not set
vivekr-splunk committed Feb 21, 2024
1 parent 464b9eb commit 19beb4a
Showing 1 changed file with 21 additions and 0 deletions.
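--- a/pkg/splunk/enterprise/util.go
+++ b/pkg/splunk/enterprise/util.go
@@ -679,6 +679,10 @@ func setupInitContainer(podTemplateSpec *corev1.PodTemplateSpec, Image string, i
 } else {
 volMntName = fmt.Sprintf(splcommon.PvcNamePrefix, splcommon.EtcVolumeStorage)
 }
+// update security context
+runAsUser := int64(41812)
+runAsNonRoot := true
+privileged := false
 containerSpec := corev1.Container{
 Image: Image,
 ImagePullPolicy: corev1.PullPolicy(imagePullPolicy),
@@ -699,6 +703,23 @@ func setupInitContainer(podTemplateSpec *corev1.PodTemplateSpec, Image string, i
 corev1.ResourceMemory: resource.MustParse("512Mi"),
 },
 },
+SecurityContext: &corev1.SecurityContext{
+RunAsUser: &runAsUser,
+RunAsNonRoot: &runAsNonRoot,
+AllowPrivilegeEscalation: &[]bool{false}[0],
+Capabilities: &corev1.Capabilities{
+Drop: []corev1.Capability{
+"ALL",
+},
+Add: []corev1.Capability{
+"NET_BIND_SERVICE",
+},
+},
+Privileged: &privileged,
+SeccompProfile: &corev1.SeccompProfile{
+Type: corev1.SeccompProfileTypeRuntimeDefault,
+},
+},
 }
 podTemplateSpec.Spec.InitContainers = append(podTemplateSpec.Spec.InitContainers, containerSpec)
 }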
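Review bot: The `Add: []corev1.Capability{"NET_BIND_SERVICE"}` entry in the new `SecurityContext` grants the init container a capability that nothing in the visible hunks shows it using. Its command is outside the hunks, so this is inferred, but if the container only prepares the etc volume and never binds a port below 1024, the least-privilege form is `Capabilities: &corev1.Capabilities{Drop: []corev1.Capability{"ALL"}},`, which still fits the restricted Pod Security Standard. The literal `int64(41812)` in the first hunk would be easier to audit as a named constant with a comment such as `// UID of the non-root user baked into the image; must match the main container's RunAsUser`, assuming that is where the value comes from. For consistency, `&[]bool{false}[0]` could take the address of a local like the neighbouring `privileged`. `setupInitContainer` begins before the first hunk, so the container's command and volume mounts were not reviewed.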
