Details
- Improvement
- Status: Done
- Medium
- Resolution: Done
- 1.12.0
- None
- None
- Yes
- Yes
- Yes
Description
It's not possible at the moment to apply securityContext configuration to the MongoDB init container. For the other containers (e.g. the operator, mongod, backup and any custom sidecars) it is possible to configure it; refer to the example config below.
For security purposes, it would be great to be able to configure securityContext for all containers in the YAML config, either globally for all containers or per individual container.
Working current configuration:
Operator:
spec:
  template:
    spec:
      containers:
        securityContext:
          allowPrivilegeEscalation: false
          privileged: false
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          capabilities:
            drop:
              - ALL
MongoDB cluster:
spec:
  replsets:
    podSecurityContext:
      runAsNonRoot: true
    containerSecurityContext:
      allowPrivilegeEscalation: false
      privileged: false
      readOnlyRootFilesystem: true
      runAsNonRoot: true
      capabilities:
        drop:
          - ALL
  replsets:
    securityContext:
      allowPrivilegeEscalation: false
      privileged: false
      readOnlyRootFilesystem: true
      runAsNonRoot: true
      capabilities:
        drop:
          - ALL
  backup:
    securityContext:
      allowPrivilegeEscalation: false
      privileged: false
      readOnlyRootFilesystem: true
      runAsNonRoot: true
      capabilities:
        drop:
          - ALL
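An added example (not from this ticket or the operator's code base): a Python check that walks a pod spec and reports every container, init containers included, that lacks the hardening settings listed above. The pod spec and container names are constructed for illustration, and the check assumes a strict policy in which each field must be set explicitly.

```python
# Added example: audit every container in a pod spec, init containers included.
# REQUIRED mirrors the settings shown in the issue; the sample pod is constructed.
REQUIRED = {
    "allowPrivilegeEscalation": False,
    "privileged": False,
    "readOnlyRootFilesystem": True,
    "runAsNonRoot": True,
}

def effective(pod_spec, container):
    """Container securityContext, with pod-level runAsNonRoot as the fallback."""
    ctx = dict(container.get("securityContext") or {})
    pod_ctx = pod_spec.get("securityContext") or {}
    if "runAsNonRoot" not in ctx and "runAsNonRoot" in pod_ctx:
        ctx["runAsNonRoot"] = pod_ctx["runAsNonRoot"]
    return ctx

def audit(pod_spec):
    """Return {"<kind>/<name>": [findings]} for containers missing the baseline."""
    report = {}
    for kind in ("initContainers", "containers", "ephemeralContainers"):
        for c in pod_spec.get(kind) or []:
            ctx = effective(pod_spec, c)
            # Strict policy (assumption): an unset field counts as a finding.
            findings = [f"{k}={ctx.get(k)!r}, want {v!r}"
                        for k, v in REQUIRED.items() if ctx.get(k) is not v]
            caps = ctx.get("capabilities") or {}
            if "ALL" not in {d.upper() for d in caps.get("drop") or []}:
                findings.append("capabilities.drop does not include ALL")
            if findings:
                report[f"{kind}/{c.get('name', '?')}"] = findings
    return report

HARDENED = {**REQUIRED, "capabilities": {"drop": ["ALL"]}}
SAMPLE_POD = {  # constructed; container names are hypothetical
    "securityContext": {"runAsNonRoot": True},
    "initContainers": [{"name": "mongo-init"}],  # no securityContext, as in the issue
    "containers": [
        {"name": "mongod", "securityContext": HARDENED},
        {"name": "backup-agent", "securityContext": HARDENED},
    ],
}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_POD).items():
        print(name, *findings, sep="\n  - ")
```

To run it against a live pod, load the `spec` object from the pod's JSON representation and pass it to `audit`.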