File tree 3 files changed +10
-1
lines changed 3 files changed +10
-1
lines changed Original file line number Diff line number Diff line change 24
24
prometheus.io/scrape : " true"
25
25
{{ end }}
26
26
spec :
27
+ {{- if .Values.securityContext.runAsNonRoot }}
27
28
securityContext :
28
29
fsGroup : 1000
30
+ {{- end }}
29
31
serviceAccountName : {{ include "backupRestore.serviceAccountName" . }}
30
32
{{- if .Values.imagePullSecrets }}
31
33
imagePullSecrets :
40
42
imagePullPolicy : {{ default "Always" .Values.imagePullPolicy }}
41
43
securityContext :
42
44
allowPrivilegeEscalation : false
45
+ {{- if .Values.securityContext.runAsNonRoot }}
43
46
runAsNonRoot : true
44
47
runAsUser : 1000
45
48
runAsGroup : 1000
49
+ {{- end }}
46
50
ports :
47
51
- containerPort : 8080
48
52
args :
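Review bot: When `.Values.securityContext.runAsNonRoot` is false, the container's securityContext shrinks to `allowPrivilegeEscalation: false` alone, and the same flag also removes the pod-level `fsGroup` block. Because the Dockerfile section of this commit drops `USER 1000`, that branch presumably runs the operator as root with the runtime's default capability set. `allowPrivilegeEscalation: false` does little to constrain a process that is already uid 0. Consider adding `capabilities: {drop: ["ALL"]}` next to `allowPrivilegeEscalation: false`, outside the conditional, after confirming the HostPath write still works without those capabilities. The container spec continues past the lines shown in this section.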
Original file line number Diff line number Diff line change @@ -90,3 +90,9 @@ monitoring:
90
90
additionalLabels : {}
91
91
metricRelabelings : []
92
92
relabelings : []
93
+
94
+ securityContext :
95
+ # # When persisting backup files to a PVC of type HostPath, set securityContext.runAsNonRoot to false.
96
+ # # Only processes running as 'root' can write to HostPath PVCs so Backups will fail in that scenario if not running as 'root'.
97
+ # # However, this goes against Kubernetes security best practices and should be avoided whenever possible.
98
+ runAsNonRoot : true
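Review bot: The comment above `runAsNonRoot` does not say what else the flag controls. Per the template section of this commit, setting it to false also drops `fsGroup`, `runAsUser` and `runAsGroup`. The key name `securityContext` reads like a pass-through Kubernetes securityContext, yet only `runAsNonRoot` is consumed in the lines shown, so any other field a user adds here would appear to be silently ignored. I would add a comment line such as `## Only runAsNonRoot is read by the chart; false also removes fsGroup, runAsUser and runAsGroup, so the container runs as the image's default user.`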
Original file line number Diff line number Diff line change @@ -12,5 +12,4 @@ RUN ./scripts/build
12
12
13
13
FROM registry.suse.com/bci/bci-micro:latest
14
14
COPY --from=builder /usr/src/app/bin/backup-restore-operator /usr/bin/
15
- USER 1000
16
15
ENTRYPOINT ["backup-restore-operator" ]