mattermost-helm icon indicating copy to clipboard operation
mattermost-helm copied to clipboard

Published 20 hours ago verified publisher icon mattermost

feat: add configurable container security

Open dj95 opened this issue 7 months ago • 2 comments

Summary

Hi, this pull request introduces a configuration parameter in the values.yaml, that allows to configure the securityContext on pod level.

I've implemented this feature, as the pod level securityContext does not offer all parameters one can set on the container level. A few examples are runAsNonRoot, allowPrivilegeEscalation, capabilities or privileged. Especially when you thrive to harden the cluster it is important to restrict also the container especially with runAsNonRoot, allowPrivilegeEscalation and dropping all capabilities.

In case anything is missing or unclear, feel free to ask me :)

Ticket Link

Unfortunately I don't have a JIRA or ticket link, since this issue popped up while trying to harden the mattermost installation based on the helm chart.

dj95 avatar Jun 26 '24 16:06 dj95