cdk8s-plus
cdk8s-plus copied to clipboard
SecurityContext of Deployment Should Be Used For Pods/Containers
Description of the feature or enhancement:
I'm not entirely sure, but shouldn't the security context of a Deployment object be used in its pods?
Use Case:
Let's say we have a Deployment object like below:
const deployment = new Deployment(this, "deployment", {
// some stuff here
securityContext: {
ensureNonRoot: false,
},
});
// and
deployment.addContainer({
image: "foo",
port: 8080,
});
If you generate the manifest using the above, the pod still gets ensureNonRoot: true
. Is that intended?
Currently you have to set the property to false in both places; i.e. in Deployment and Container.
Proposed Solution:
Does it make sense to use the deployment security context as a default value for its pods?
Other:
N/A
- [x] :wave: I may be able to implement this feature request
- [ ] :warning: This feature might incur a breaking change
This is a :rocket: Feature Request