mirror of
https://github.com/bitnami/charts.git
synced 2026-03-14 14:57:22 +08:00
[bitnami/grafana-tempo] feat: ✨ 🔒 Add readOnlyRootFilesystem support (#23911)
Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
This commit is contained in:
Javier J. Salmerón-García
committed by
GitHub
GitHub
parent
813259c6c7
commit
50032d7200
@@ -39,4 +39,4 @@ maintainers:
|
||||
name: grafana-tempo
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/grafana-tempo
|
||||
version: 2.10.3
|
||||
version: 2.11.0
|
||||
|
||||
@@ -150,6 +150,7 @@ The command removes all the Kubernetes components associated with the chart and
|
||||
| `compactor.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `compactor.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `compactor.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `compactor.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` |
|
||||
| `compactor.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `compactor.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `compactor.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
|
||||
@@ -243,6 +244,7 @@ The command removes all the Kubernetes components associated with the chart and
|
||||
| `distributor.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `distributor.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `distributor.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `distributor.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` |
|
||||
| `distributor.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `distributor.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `distributor.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
|
||||
@@ -339,6 +341,7 @@ The command removes all the Kubernetes components associated with the chart and
|
||||
| `metricsGenerator.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `metricsGenerator.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `metricsGenerator.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `metricsGenerator.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` |
|
||||
| `metricsGenerator.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `metricsGenerator.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `metricsGenerator.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
|
||||
@@ -434,6 +437,7 @@ The command removes all the Kubernetes components associated with the chart and
|
||||
| `ingester.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `ingester.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `ingester.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `ingester.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` |
|
||||
| `ingester.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `ingester.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `ingester.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
|
||||
@@ -541,6 +545,7 @@ The command removes all the Kubernetes components associated with the chart and
|
||||
| `querier.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `querier.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `querier.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `querier.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` |
|
||||
| `querier.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `querier.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `querier.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
|
||||
@@ -636,6 +641,7 @@ The command removes all the Kubernetes components associated with the chart and
|
||||
| `queryFrontend.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `queryFrontend.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `queryFrontend.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `queryFrontend.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` |
|
||||
| `queryFrontend.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `queryFrontend.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `queryFrontend.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
|
||||
@@ -703,6 +709,7 @@ The command removes all the Kubernetes components associated with the chart and
|
||||
| `queryFrontend.query.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `queryFrontend.query.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `queryFrontend.query.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `queryFrontend.query.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` |
|
||||
| `queryFrontend.query.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `queryFrontend.query.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `queryFrontend.query.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
|
||||
@@ -786,6 +793,7 @@ The command removes all the Kubernetes components associated with the chart and
|
||||
| `vulture.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `vulture.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `vulture.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `vulture.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` |
|
||||
| `vulture.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `vulture.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `vulture.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
|
||||
|
||||
@@ -143,14 +143,19 @@ spec:
|
||||
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.compactor.lifecycleHooks "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
- name: tempo-config
|
||||
mountPath: /bitnami/grafana-tempo/conf/tempo.yaml
|
||||
subPath: tempo.yaml
|
||||
- name: overrides-config
|
||||
mountPath: /bitnami/grafana-tempo/conf/overrides.yaml
|
||||
subPath: overrides.yaml
|
||||
- name: data
|
||||
# NOTE: The upstream chart does not create a PVC for this, we assume that it is just for tmp data
|
||||
- name: empty-dir
|
||||
mountPath: {{ .Values.tempo.dataDir }}
|
||||
subPath: app-data-dir
|
||||
{{- if .Values.compactor.extraVolumeMounts }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.compactor.extraVolumeMounts "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
@@ -158,8 +163,7 @@ spec:
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.compactor.sidecars "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
# NOTE: The upstream chart does not create a PVC for this, we assume that it is just for tmp data
|
||||
- name: data
|
||||
- name: empty-dir
|
||||
emptyDir: {}
|
||||
- name: tempo-config
|
||||
configMap:
|
||||
|
||||
@@ -184,6 +184,12 @@ spec:
|
||||
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.distributor.lifecycleHooks "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
# NOTE: The upstream chart does not create a PVC for this, we assume that it is just for tmp data
|
||||
- name: empty-dir
|
||||
mountPath: /bitnami/grafana-tempo/data
|
||||
subPath: app-data-dir
|
||||
- name: tempo-config
|
||||
mountPath: /bitnami/grafana-tempo/conf/tempo.yaml
|
||||
subPath: tempo.yaml
|
||||
@@ -197,6 +203,8 @@ spec:
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.distributor.sidecars "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
- name: empty-dir
|
||||
emptyDir: {}
|
||||
- name: tempo-config
|
||||
configMap:
|
||||
name: {{ template "grafana-tempo.tempoConfigmapName" . }}
|
||||
|
||||
@@ -94,6 +94,9 @@ spec:
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
- name: data
|
||||
mountPath: {{ .Values.tempo.dataDir }}
|
||||
{{- end }}
|
||||
@@ -170,6 +173,9 @@ spec:
|
||||
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.ingester.lifecycleHooks "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
- name: tempo-config
|
||||
mountPath: /bitnami/grafana-tempo/conf/tempo.yaml
|
||||
subPath: tempo.yaml
|
||||
@@ -185,6 +191,8 @@ spec:
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.ingester.sidecars "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
- name: empty-dir
|
||||
emptyDir: {}
|
||||
- name: tempo-config
|
||||
configMap:
|
||||
name: {{ template "grafana-tempo.tempoConfigmapName" . }}
|
||||
|
||||
@@ -144,6 +144,9 @@ spec:
|
||||
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.metricsGenerator.lifecycleHooks "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
- name: tempo-config
|
||||
mountPath: /bitnami/grafana-tempo/conf/tempo.yaml
|
||||
subPath: tempo.yaml
|
||||
@@ -159,6 +162,8 @@ spec:
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.metricsGenerator.sidecars "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
- name: empty-dir
|
||||
emptyDir: {}
|
||||
- name: data
|
||||
emptyDir: {}
|
||||
- name: tempo-config
|
||||
|
||||
@@ -144,14 +144,19 @@ spec:
|
||||
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.querier.lifecycleHooks "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
- name: tempo-config
|
||||
mountPath: /bitnami/grafana-tempo/conf/tempo.yaml
|
||||
subPath: tempo.yaml
|
||||
- name: overrides-config
|
||||
mountPath: /bitnami/grafana-tempo/conf/overrides.yaml
|
||||
subPath: overrides.yaml
|
||||
- name: data
|
||||
# NOTE: The upstream chart does not create a PVC for this, we assume that it is just for tmp data
|
||||
- name: empty-dir
|
||||
mountPath: {{ .Values.tempo.dataDir }}
|
||||
subPath: app-data-dir
|
||||
{{- if .Values.querier.extraVolumeMounts }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.querier.extraVolumeMounts "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
@@ -159,8 +164,7 @@ spec:
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.querier.sidecars "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
# NOTE: The upstream chart does not create a PVC for this, we assume that it is just for tmp data
|
||||
- name: data
|
||||
- name: empty-dir
|
||||
emptyDir: {}
|
||||
- name: tempo-config
|
||||
configMap:
|
||||
|
||||
@@ -146,6 +146,13 @@ spec:
|
||||
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.lifecycleHooks "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
# NOTE: The upstream chart does not create a PVC for this, we assume that it is just for tmp data
|
||||
- name: empty-dir
|
||||
mountPath: /bitnami/grafana-tempo/data
|
||||
subPath: app-data-dir
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
- name: tempo-config
|
||||
mountPath: /bitnami/grafana-tempo/conf/tempo.yaml
|
||||
subPath: tempo.yaml
|
||||
@@ -225,6 +232,9 @@ spec:
|
||||
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.query.lifecycleHooks "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
- name: tempo-query-config
|
||||
mountPath: /bitnami/grafana-tempo/conf
|
||||
{{- if .Values.queryFrontend.query.extraVolumeMounts }}
|
||||
@@ -234,6 +244,8 @@ spec:
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.queryFrontend.sidecars "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
- name: empty-dir
|
||||
emptyDir: {}
|
||||
- name: tempo-config
|
||||
configMap:
|
||||
name: {{ template "grafana-tempo.tempoConfigmapName" . }}
|
||||
|
||||
@@ -142,6 +142,9 @@ spec:
|
||||
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.vulture.lifecycleHooks "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
- name: tempo-config
|
||||
mountPath: /bitnami/grafana-tempo/conf
|
||||
{{- if .Values.vulture.extraVolumeMounts }}
|
||||
@@ -151,6 +154,8 @@ spec:
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.vulture.sidecars "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
- name: empty-dir
|
||||
emptyDir: {}
|
||||
- name: tempo-config
|
||||
configMap:
|
||||
name: {{ template "grafana-tempo.tempoConfigmapName" . }}
|
||||
|
||||
@@ -364,6 +364,7 @@ compactor:
|
||||
## @param compactor.containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param compactor.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
|
||||
## @param compactor.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param compactor.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
|
||||
## @param compactor.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param compactor.containerSecurityContext.privileged Set container's Security Context privileged
|
||||
## @param compactor.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
|
||||
@@ -375,6 +376,7 @@ compactor:
|
||||
enabled: true
|
||||
seLinuxOptions: null
|
||||
runAsUser: 1001
|
||||
runAsGroup: 0
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
@@ -708,6 +710,7 @@ distributor:
|
||||
## @param distributor.containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param distributor.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
|
||||
## @param distributor.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param distributor.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
|
||||
## @param distributor.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param distributor.containerSecurityContext.privileged Set container's Security Context privileged
|
||||
## @param distributor.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
|
||||
@@ -719,6 +722,7 @@ distributor:
|
||||
enabled: true
|
||||
seLinuxOptions: null
|
||||
runAsUser: 1001
|
||||
runAsGroup: 0
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
@@ -1058,6 +1062,7 @@ metricsGenerator:
|
||||
## @param metricsGenerator.containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param metricsGenerator.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
|
||||
## @param metricsGenerator.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param metricsGenerator.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
|
||||
## @param metricsGenerator.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param metricsGenerator.containerSecurityContext.privileged Set container's Security Context privileged
|
||||
## @param metricsGenerator.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
|
||||
@@ -1069,6 +1074,7 @@ metricsGenerator:
|
||||
enabled: true
|
||||
seLinuxOptions: null
|
||||
runAsUser: 1001
|
||||
runAsGroup: 0
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
@@ -1403,6 +1409,7 @@ ingester:
|
||||
## @param ingester.containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param ingester.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
|
||||
## @param ingester.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param ingester.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
|
||||
## @param ingester.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param ingester.containerSecurityContext.privileged Set container's Security Context privileged
|
||||
## @param ingester.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
|
||||
@@ -1414,6 +1421,7 @@ ingester:
|
||||
enabled: true
|
||||
seLinuxOptions: null
|
||||
runAsUser: 1001
|
||||
runAsGroup: 0
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
@@ -1790,6 +1798,7 @@ querier:
|
||||
## @param querier.containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param querier.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
|
||||
## @param querier.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param querier.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
|
||||
## @param querier.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param querier.containerSecurityContext.privileged Set container's Security Context privileged
|
||||
## @param querier.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
|
||||
@@ -1801,6 +1810,7 @@ querier:
|
||||
enabled: true
|
||||
seLinuxOptions: null
|
||||
runAsUser: 1001
|
||||
runAsGroup: 0
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
@@ -2138,6 +2148,7 @@ queryFrontend:
|
||||
## @param queryFrontend.containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param queryFrontend.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
|
||||
## @param queryFrontend.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param queryFrontend.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
|
||||
## @param queryFrontend.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param queryFrontend.containerSecurityContext.privileged Set container's Security Context privileged
|
||||
## @param queryFrontend.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
|
||||
@@ -2149,6 +2160,7 @@ queryFrontend:
|
||||
enabled: true
|
||||
seLinuxOptions: null
|
||||
runAsUser: 1001
|
||||
runAsGroup: 0
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
@@ -2381,6 +2393,7 @@ queryFrontend:
|
||||
## @param queryFrontend.query.containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param queryFrontend.query.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
|
||||
## @param queryFrontend.query.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param queryFrontend.query.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
|
||||
## @param queryFrontend.query.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param queryFrontend.query.containerSecurityContext.privileged Set container's Security Context privileged
|
||||
## @param queryFrontend.query.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
|
||||
@@ -2392,6 +2405,7 @@ queryFrontend:
|
||||
enabled: true
|
||||
seLinuxOptions: null
|
||||
runAsUser: 1001
|
||||
runAsGroup: 0
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
@@ -2685,6 +2699,7 @@ vulture:
|
||||
## @param vulture.containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param vulture.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
|
||||
## @param vulture.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param vulture.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
|
||||
## @param vulture.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param vulture.containerSecurityContext.privileged Set container's Security Context privileged
|
||||
## @param vulture.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
|
||||
@@ -2696,6 +2711,7 @@ vulture:
|
||||
enabled: true
|
||||
seLinuxOptions: null
|
||||
runAsUser: 1001
|
||||
runAsGroup: 0
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
|
||||
Reference in New Issue
Block a user