cdk8s-plus icon indicating copy to clipboard operation
cdk8s-plus copied to clipboard

Published 20 hours ago verified publisher icon cdk8s-team

SecurityContext of Deployment Should Be Used For Pods/Containers

Open akefirad opened this issue 1 year ago • 0 comments

Description of the feature or enhancement:

I'm not entirely sure, but shouldn't the security context of a Deployment object be used in its pods?

Use Case:

Let's say we have a Deployment object like below:

    const deployment = new Deployment(this, "deployment", {
      // some stuff here
      securityContext: {
        ensureNonRoot: false,
      },
    });

    // and
    deployment.addContainer({
      image: "foo",
      port: 8080,
    });

If you generate the manifest using the above, the pod still gets ensureNonRoot: true. Is that intended? Currently you have to set the property to false in both places; i.e. in Deployment and Container.

Proposed Solution:

Does it make sense to use the deployment security context as a default value for its pods?

Other:

N/A

  • [x] :wave: I may be able to implement this feature request
  • [ ] :warning: This feature might incur a breaking change

This is a :rocket: Feature Request

akefirad avatar May 31 '23 14:05 akefirad