configuration for securityContext in the CRD for all pods created by operator #1075
Comments
|
Hello @adabuleanu ! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Problem Statement
I want to be able to set
securityContextso pods can be set up to run as NonRoot for security reasons. There are a couple of places where there is no such configuration possible, although there do not seem to be obvious restrictions. Example: the CruiseControler monitoring config init-container is configured using .spec.monitoringConfig which does not support a securityContext. There are most likely other places where security configuration is not possible to add.Proposed Solution
Add ability to configure the
securityContextto all containers and init-containers created by the operator.Alternatives Considered
Ideally it would be to have the ability to configure the
KafkaClusterCR so that it would pass therestrictedprofile of Pod Security Standards.Additional Context
A similar initiative is tracked in #430 and #138 and implemented in #527 but does not covered all scenarios (see above described scenario). An ideal test would be that all containers pass PSS.
The text was updated successfully, but these errors were encountered: