
How to set allowPrivilegeEscalation: false for seldon-v2-runtime core components?

Open arodindev opened this issue 1 year ago • 0 comments

The Deployments of the core components, created via

helm install seldon-v2-runtime seldon-charts/seldon-core-v2-runtime --namespace seldon-mesh --set pipelinegateway.disable=true --set dataflow.disable=true

are not able to create the Pods because our gatekeeper requires containers to have allowPrivilegeEscalation: false. Otherwise our ReplicaSets throw an error. For example:

Privilege escalation container is not allowed: hodometer

We can patch them manually to make it work, but this does not seem like a good solution:

kubectl patch replicaset -n seldon-mesh hodometer-6b788cfccf -p='{
  "spec": {
    "template": {
      "spec": {
        "containers": [
          {
            "name": "hodometer",
            "securityContext": {
              "allowPrivilegeEscalation": false
            }
          }
        ]
      }
    }
  }
}'

We would like to set this via Helm - is it possible?

arodindev Oct 19 '24 18:10
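An added example, not part of the original issue and not Seldon's or Gatekeeper's own code: a Python sketch that applies the rule described in the post (every container must set allowPrivilegeEscalation: false) to workload JSON and builds the same patch body for each container that fails it. The sample input is constructed; treating an unset field as a violation and checking initContainers as well are assumptions about the policy.

```python
import json

# Constructed sample, shaped like trimmed `kubectl get deploy,rs -n seldon-mesh -o json` output.
SAMPLE = json.loads("""
{"items": [
  {"kind": "ReplicaSet",
   "metadata": {"name": "hodometer-6b788cfccf", "namespace": "seldon-mesh"},
   "spec": {"template": {"spec": {"containers": [{"name": "hodometer"}]}}}},
  {"kind": "Deployment",
   "metadata": {"name": "example-app", "namespace": "seldon-mesh"},
   "spec": {"template": {"spec": {
     "initContainers": [{"name": "init", "securityContext": {}}],
     "containers": [{"name": "main",
                     "securityContext": {"allowPrivilegeEscalation": false}}]}}}}
]}
""")

# Assumption: the policy inspects both container lists of the pod template.
CONTAINER_FIELDS = ("containers", "initContainers")


def violations(workload):
    """Return {field: [container names]} where the flag is not explicitly false."""
    pod_spec = workload["spec"]["template"]["spec"]
    found = {}
    for field in CONTAINER_FIELDS:
        names = [c["name"] for c in pod_spec.get(field, [])
                 if (c.get("securityContext") or {}).get("allowPrivilegeEscalation") is not False]
        if names:
            found[field] = names
    return found


def build_patch(workload):
    """Patch body in the shape used in the post, or None if nothing violates."""
    found = violations(workload)
    if not found:
        return None
    fix = {"allowPrivilegeEscalation": False}
    pod_spec = {field: [{"name": n, "securityContext": fix} for n in names]
                for field, names in found.items()}
    return {"spec": {"template": {"spec": pod_spec}}}


if __name__ == "__main__":
    for item in SAMPLE["items"]:
        patch = build_patch(item)
        if patch:
            meta = item["metadata"]
            print(f"{item['kind']} {meta['namespace']}/{meta['name']}: {json.dumps(patch)}")
```

Running the check against rendered or live manifests before a rollout lists every container the admission policy would reject, instead of discovering them one ReplicaSet error at a time.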