Add container level security context for task and web deployments #1728
+147
−18
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
SUMMARY
The security context settings offered today only provide the option to set pod level security context for web and task deployments. This PR adds the option to allow container level security context for all of the containers under web and task deployments.
fixes: #1413
fixes: #890
fixes: #571
fixes: #383
This change doesn't dictate the values and let the users decide and configure the values on need basis. This makes it a safer approach to implement without breaking any functionality
ISSUE TYPE
ADDITIONAL INFORMATION
Two of the existing variable settings will become irrelevant after this change:
redis_capabilities
can be covered underredis_security_context_settings
after this changetask_privileged
can be covered undertask_security_context_settings
after this change