-
Notifications
You must be signed in to change notification settings - Fork 24
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow to specify securityContext for vaultConfigurer container #231
Comments
@ramizpolic any news on this? :) I think @msg-gregor is not the only one (we are at least 2 haha) to not be able to use bank-vaults in prod because of vaultConfigurerContainerSpec missing in a restricted environment. Would be amazing if faisable :) |
@fakeNews-jpg (cool nickname btw), yes, we will focus on this in the upcoming weeks, will share more details once we start working on it |
Along the same lines... feature request to also add it to the |
Preflight Checklist
Problem Description
Vault operator does not allow to specify securityContext for the vaultConfigurer pod container, it only allows to specify the podSecurityContext for the whole pod
This is not sufficient in all cases. For example, we deploy in a managed rancher kubernetes cluster with strict security policies. All containers are forced to have the following security profile or they won't be scheduled:
Some but not all of them can be set by using the pods security context on a pod level, however, e.g., allowPrivilegeEscalation and capabilities can only be set on a container level
This missing feature prevents us from using bank-vaults operator, because it is impossible for us to deploy the vaultConfigurer pod
Proposed Solution
Add a
vaultConfigurerContainerSpec
that allows to configure/extend container spec for vaultConfigurer - similar to the already existingvaultContainerSpec
- to theVaultSpec
APIAlternatives Considered
No response
Additional Information
No response
The text was updated successfully, but these errors were encountered: