[bitnami/logstash] feat: Add support for PSA restricted policy (#20469)

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
This commit is contained in:
Javier J. Salmerón-García
2023-10-31 14:01:26 +01:00
committed by GitHub
parent f767ed3ca9
commit e7c28b8b69
3 changed files with 142 additions and 125 deletions


@@ -30,4 +30,4 @@ maintainers:
name: logstash
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/logstash
version: 5.5.11
version: 5.6.0
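Review bot: the bump from 5.5.11 to 5.6.0 is the right semver step for a new feature, but this feature changes runtime defaults for every existing installation (`capabilities.drop: ["ALL"]`, `seccompProfile.type: RuntimeDefault`, `allowPrivilegeEscalation: false`), so it deserves an entry in the README upgrade notes: users running custom images via `command`/`args`, or plugins that depend on a Linux capability, will see pods fail to start after upgrading and need to know that overriding `containerSecurityContext` restores the previous behaviour.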


@@ -80,127 +80,132 @@ The command removes all the Kubernetes components associated with the chart and
### Logstash parameters
| Name | Description | Value |
| --------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `image.registry` | Logstash image registry | `REGISTRY_NAME` |
| `image.repository` | Logstash image repository | `REPOSITORY_NAME/logstash` |
| `image.digest` | Logstash image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | Logstash image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `image.debug` | Specify if debug logs should be enabled | `false` |
| `hostAliases` | Add deployment host aliases | `[]` |
| `configFileName` | Logstash configuration file name. It must match the name of the configuration file mounted as a configmap. | `logstash.conf` |
| `enableMonitoringAPI` | Whether to enable the Logstash Monitoring API or not Kubernetes cluster domain | `true` |
| `monitoringAPIPort` | Logstash Monitoring API Port | `9600` |
| `extraEnvVars` | Array containing extra env vars to configure Logstash | `[]` |
| `extraEnvVarsSecret` | To add secrets to environment | `""` |
| `extraEnvVarsCM` | To add configmaps to environment | `""` |
| `input` | Input Plugins configuration | `""` |
| `filter` | Filter Plugins configuration | `""` |
| `output` | Output Plugins configuration | `""` |
| `existingConfiguration` | Name of existing ConfigMap object with the Logstash configuration (`input`, `filter`, and `output` will be ignored). | `""` |
| `enableMultiplePipelines` | Allows user to use multiple pipelines | `false` |
| `extraVolumes` | Array to add extra volumes (evaluated as a template) | `[]` |
| `extraVolumeMounts` | Array to add extra mounts (normally used with extraVolumes, evaluated as a template) | `[]` |
| `serviceAccount.create` | Enable creation of ServiceAccount for Logstash pods | `true` |
| `serviceAccount.name` | The name of the service account to use. If not set and `create` is `true`, a name is generated | `""` |
| `serviceAccount.automountServiceAccountToken` | Allows automount of ServiceAccountToken on the serviceAccount created | `true` |
| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` |
| `containerPorts` | Array containing the ports to open in the Logstash container (evaluated as a template) | `[]` |
| `initContainers` | Add additional init containers to the Logstash pod(s) | `[]` |
| `sidecars` | Add additional sidecar containers to the Logstash pod(s) | `[]` |
| `replicaCount` | Number of Logstash replicas to deploy | `1` |
| `updateStrategy.type` | Update strategy type (`RollingUpdate`, or `OnDelete`) | `RollingUpdate` |
| `podManagementPolicy` | Pod management policy | `OrderedReady` |
| `podAnnotations` | Pod annotations | `{}` |
| `podLabels` | Extra labels for Logstash pods | `{}` |
| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` |
| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` |
| `affinity` | Affinity for pod assignment | `{}` |
| `nodeSelector` | Node labels for pod assignment | `{}` |
| `tolerations` | Tolerations for pod assignment | `[]` |
| `priorityClassName` | Pod priority | `""` |
| `schedulerName` | Name of the k8s scheduler (other than default) | `""` |
| `terminationGracePeriodSeconds` | In seconds, time the given to the Logstash pod needs to terminate gracefully | `""` |
| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
| `podSecurityContext.enabled` | Enabled Logstash pods' Security Context | `true` |
| `podSecurityContext.fsGroup` | Set Logstash pod's Security Context fsGroup | `1001` |
| `containerSecurityContext.enabled` | Enabled Logstash containers' Security Context | `true` |
| `containerSecurityContext.runAsUser` | Set Logstash containers' Security Context runAsUser | `1001` |
| `containerSecurityContext.runAsNonRoot` | Set Logstash container's Security Context runAsNonRoot | `true` |
| `command` | Override default container command (useful when using custom images) | `[]` |
| `args` | Override default container args (useful when using custom images) | `[]` |
| `lifecycleHooks` | for the Logstash container(s) to automate configuration before or after startup | `{}` |
| `resources.limits` | The resources limits for the Logstash container | `{}` |
| `resources.requests` | The requested resources for the Logstash container | `{}` |
| `startupProbe.enabled` | Enable startupProbe | `false` |
| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `60` |
| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` |
| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `livenessProbe.enabled` | Enable livenessProbe | `true` |
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` |
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `readinessProbe.enabled` | Enable readinessProbe | `true` |
| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `60` |
| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `customStartupProbe` | Custom startup probe for the Web component | `{}` |
| `customLivenessProbe` | Custom liveness probe for the Web component | `{}` |
| `customReadinessProbe` | Custom readiness probe for the Web component | `{}` |
| `service.type` | Kubernetes service type (`ClusterIP`, `NodePort`, or `LoadBalancer`) | `ClusterIP` |
| `service.ports` | Logstash service ports (evaluated as a template) | `[]` |
| `service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `""` |
| `service.loadBalancerSourceRanges` | Addresses that are allowed when service is LoadBalancer | `[]` |
| `service.externalTrafficPolicy` | External traffic policy, configure to Local to preserve client source IP when using an external loadBalancer | `""` |
| `service.clusterIP` | Static clusterIP or None for headless services | `""` |
| `service.annotations` | Annotations for Logstash service | `{}` |
| `service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `service.headless.annotations` | Annotations for the headless service. | `{}` |
| `persistence.enabled` | Enable Logstash data persistence using PVC | `false` |
| `persistence.existingClaim` | A manually managed Persistent Volume and Claim | `""` |
| `persistence.storageClass` | PVC Storage Class for Logstash data volume | `""` |
| `persistence.accessModes` | PVC Access Mode for Logstash data volume | `["ReadWriteOnce"]` |
| `persistence.size` | PVC Storage Request for Logstash data volume | `2Gi` |
| `persistence.annotations` | Annotations for the PVC | `{}` |
| `persistence.mountPath` | Mount path of the Logstash data volume | `/bitnami/logstash/data` |
| `persistence.selector` | Selector to match an existing Persistent Volume for WordPress data PVC | `{}` |
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` |
| `volumePermissions.securityContext.runAsUser` | User ID for the volumePermissions init container | `0` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` |
| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` |
| `ingress.enabled` | Enable ingress controller resource | `false` |
| `ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` |
| `ingress.pathType` | Ingress Path type | `ImplementationSpecific` |
| `ingress.apiVersion` | Override API Version (automatically detected if not set) | `""` |
| `ingress.hostname` | Default host for the ingress resource | `logstash.local` |
| `ingress.path` | The Path to Logstash. You may need to set this to '/*' in order to use this with ALB ingress controllers. | `/` |
| `ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` |
| `ingress.tls` | Enable TLS configuration for the hostname defined at ingress.hostname parameter | `false` |
| `ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` |
| `ingress.extraPaths` | Any additional arbitrary paths that may need to be added to the ingress under the main host. | `[]` |
| `ingress.extraRules` | The list of additional rules to be added to this ingress record. Evaluated as a template | `[]` |
| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` |
| `ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` |
| `ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` |
| `pdb.create` | If true, create a pod disruption budget for pods. | `false` |
| `pdb.minAvailable` | Minimum number / percentage of pods that should remain scheduled | `1` |
| `pdb.maxUnavailable` | Maximum number / percentage of pods that may be made unavailable | `""` |
| Name | Description | Value |
| --------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `image.registry` | Logstash image registry | `REGISTRY_NAME` |
| `image.repository` | Logstash image repository | `REPOSITORY_NAME/logstash` |
| `image.digest` | Logstash image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | Logstash image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `image.debug` | Specify if debug logs should be enabled | `false` |
| `hostAliases` | Add deployment host aliases | `[]` |
| `configFileName` | Logstash configuration file name. It must match the name of the configuration file mounted as a configmap. | `logstash.conf` |
| `enableMonitoringAPI` | Whether to enable the Logstash Monitoring API or not Kubernetes cluster domain | `true` |
| `monitoringAPIPort` | Logstash Monitoring API Port | `9600` |
| `extraEnvVars` | Array containing extra env vars to configure Logstash | `[]` |
| `extraEnvVarsSecret` | To add secrets to environment | `""` |
| `extraEnvVarsCM` | To add configmaps to environment | `""` |
| `input` | Input Plugins configuration | `""` |
| `filter` | Filter Plugins configuration | `""` |
| `output` | Output Plugins configuration | `""` |
| `existingConfiguration` | Name of existing ConfigMap object with the Logstash configuration (`input`, `filter`, and `output` will be ignored). | `""` |
| `enableMultiplePipelines` | Allows user to use multiple pipelines | `false` |
| `extraVolumes` | Array to add extra volumes (evaluated as a template) | `[]` |
| `extraVolumeMounts` | Array to add extra mounts (normally used with extraVolumes, evaluated as a template) | `[]` |
| `serviceAccount.create` | Enable creation of ServiceAccount for Logstash pods | `true` |
| `serviceAccount.name` | The name of the service account to use. If not set and `create` is `true`, a name is generated | `""` |
| `serviceAccount.automountServiceAccountToken` | Allows automount of ServiceAccountToken on the serviceAccount created | `true` |
| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` |
| `containerPorts` | Array containing the ports to open in the Logstash container (evaluated as a template) | `[]` |
| `initContainers` | Add additional init containers to the Logstash pod(s) | `[]` |
| `sidecars` | Add additional sidecar containers to the Logstash pod(s) | `[]` |
| `replicaCount` | Number of Logstash replicas to deploy | `1` |
| `updateStrategy.type` | Update strategy type (`RollingUpdate`, or `OnDelete`) | `RollingUpdate` |
| `podManagementPolicy` | Pod management policy | `OrderedReady` |
| `podAnnotations` | Pod annotations | `{}` |
| `podLabels` | Extra labels for Logstash pods | `{}` |
| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` |
| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` |
| `affinity` | Affinity for pod assignment | `{}` |
| `nodeSelector` | Node labels for pod assignment | `{}` |
| `tolerations` | Tolerations for pod assignment | `[]` |
| `priorityClassName` | Pod priority | `""` |
| `schedulerName` | Name of the k8s scheduler (other than default) | `""` |
| `terminationGracePeriodSeconds` | In seconds, time the given to the Logstash pod needs to terminate gracefully | `""` |
| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
| `podSecurityContext.enabled` | Enabled Logstash pods' Security Context | `true` |
| `podSecurityContext.fsGroup` | Set Logstash pod's Security Context fsGroup | `1001` |
| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `command` | Override default container command (useful when using custom images) | `[]` |
| `args` | Override default container args (useful when using custom images) | `[]` |
| `lifecycleHooks` | for the Logstash container(s) to automate configuration before or after startup | `{}` |
| `resources.limits` | The resources limits for the Logstash container | `{}` |
| `resources.requests` | The requested resources for the Logstash container | `{}` |
| `startupProbe.enabled` | Enable startupProbe | `false` |
| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `60` |
| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` |
| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `livenessProbe.enabled` | Enable livenessProbe | `true` |
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` |
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `readinessProbe.enabled` | Enable readinessProbe | `true` |
| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `60` |
| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `customStartupProbe` | Custom startup probe for the Web component | `{}` |
| `customLivenessProbe` | Custom liveness probe for the Web component | `{}` |
| `customReadinessProbe` | Custom readiness probe for the Web component | `{}` |
| `service.type` | Kubernetes service type (`ClusterIP`, `NodePort`, or `LoadBalancer`) | `ClusterIP` |
| `service.ports` | Logstash service ports (evaluated as a template) | `[]` |
| `service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `""` |
| `service.loadBalancerSourceRanges` | Addresses that are allowed when service is LoadBalancer | `[]` |
| `service.externalTrafficPolicy` | External traffic policy, configure to Local to preserve client source IP when using an external loadBalancer | `""` |
| `service.clusterIP` | Static clusterIP or None for headless services | `""` |
| `service.annotations` | Annotations for Logstash service | `{}` |
| `service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `service.headless.annotations` | Annotations for the headless service. | `{}` |
| `persistence.enabled` | Enable Logstash data persistence using PVC | `false` |
| `persistence.existingClaim` | A manually managed Persistent Volume and Claim | `""` |
| `persistence.storageClass` | PVC Storage Class for Logstash data volume | `""` |
| `persistence.accessModes` | PVC Access Mode for Logstash data volume | `["ReadWriteOnce"]` |
| `persistence.size` | PVC Storage Request for Logstash data volume | `2Gi` |
| `persistence.annotations` | Annotations for the PVC | `{}` |
| `persistence.mountPath` | Mount path of the Logstash data volume | `/bitnami/logstash/data` |
| `persistence.selector` | Selector to match an existing Persistent Volume for WordPress data PVC | `{}` |
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` |
| `volumePermissions.securityContext.runAsUser` | User ID for the volumePermissions init container | `0` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` |
| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` |
| `ingress.enabled` | Enable ingress controller resource | `false` |
| `ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` |
| `ingress.pathType` | Ingress Path type | `ImplementationSpecific` |
| `ingress.apiVersion` | Override API Version (automatically detected if not set) | `""` |
| `ingress.hostname` | Default host for the ingress resource | `logstash.local` |
| `ingress.path` | The Path to Logstash. You may need to set this to '/*' in order to use this with ALB ingress controllers. | `/` |
| `ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` |
| `ingress.tls` | Enable TLS configuration for the hostname defined at ingress.hostname parameter | `false` |
| `ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` |
| `ingress.extraPaths` | Any additional arbitrary paths that may need to be added to the ingress under the main host. | `[]` |
| `ingress.extraRules` | The list of additional rules to be added to this ingress record. Evaluated as a template | `[]` |
| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` |
| `ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` |
| `ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` |
| `pdb.create` | If true, create a pod disruption budget for pods. | `false` |
| `pdb.minAvailable` | Minimum number / percentage of pods that should remain scheduled | `1` |
| `pdb.maxUnavailable` | Maximum number / percentage of pods that may be made unavailable | `""` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
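Review bot: the new rows only set the seccomp profile and capability drop at container level, while `podSecurityContext` still exposes nothing but `fsGroup`; anything a user adds through `initContainers` or `sidecars` does not inherit the container's `securityContext`, and the `volumePermissions` init container keeps `runAsUser: 0`, so a namespace enforcing the restricted Pod Security Standard will still reject such pods. Consider exposing a pod-level `podSecurityContext.seccompProfile.type` and stating in the table that `volumePermissions.enabled=true` is incompatible with the restricted policy. Two smaller points while the table is regenerated: the description of `containerSecurityContext.seccompProfile.type` should say "seccomp profile type" since the key is the `type` field, and two pre-existing descriptions are copy-paste remnants worth fixing in the same pass (`enableMonitoringAPI` ends with "or not Kubernetes cluster domain", and `persistence.selector` refers to a "WordPress data PVC").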


@@ -321,14 +321,26 @@ podSecurityContext:
fsGroup: 1001
## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param containerSecurityContext.enabled Enabled Logstash containers' Security Context
## @param containerSecurityContext.runAsUser Set Logstash containers' Security Context runAsUser
## @param containerSecurityContext.runAsNonRoot Set Logstash container's Security Context runAsNonRoot
## @param containerSecurityContext.enabled Enabled containers' Security Context
## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param containerSecurityContext.privileged Set container's Security Context privileged
## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## @param command Override default container command (useful when using custom images)
##
command: []
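Review bot: `readOnlyRootFilesystem: false` is the one hardening setting left off in this block, and the surrounding `##` comments give no reason; a one-line comment stating which paths Logstash needs writable at runtime would stop a later reviewer from flipping it blindly and would tell users which paths to back with an `emptyDir` if they do set it to `true`. Minor: the `@param containerSecurityContext.seccompProfile.type` description reads "Set container's Security Context seccomp profile" although the key is the profile `type`, and `"RuntimeDefault"` is the only quoted scalar in a block where every other value is bare, which is valid YAML but inconsistent with the rest of the file.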