calico icon indicating copy to clipboard operation
calico copied to clipboard
Published 1 month ago verified publisher icon projectcalico

Improvement: Ability to set SecurityContext

Open OS-marcelopereira opened this issue 2 years ago • 4 comments

Improvement: Ability to set SecurityContext

Expected Behavior

I have a usecase where I need to set a SecurityContext block on the APIServer deployment, the apiserver container and componentResources, in order to comply with security requitements.

Looking at the documentation, I see that such a thing is not available for the APIServerDeploymentContainer, APIServerDeploymentContainer and APIServerDeploymentContainer

Is this something that might be possible in the future?

Calico version: v3.24.5

OS-marcelopereira avatar Feb 03 '23 17:02 OS-marcelopereira

Yep, looks like we hard-code a security context here: https://github.com/tigera/operator/blob/master/pkg/render/apiserver.go#L940

It should be possible to expose an option for this, although we need to be careful not to expose an option that can easily break user's clusters.

caseydavenport avatar Feb 09 '23 17:02 caseydavenport

https://github.com/tigera/operator/issues/2720

clayvan avatar Nov 20 '23 20:11 clayvan

is there any update on this?

flo-mic avatar Feb 29 '24 12:02 flo-mic

Just waiting on someone to pick up the torch for this one - I think it's generally agreed to be a good thing. Any takers?

caseydavenport avatar Mar 01 '24 21:03 caseydavenport

This issue is stale because it is kind/enhancement or kind/bug and has been open for 180 days with no activity.

github-actions[bot] avatar Jun 09 '25 12:06 github-actions[bot]

This issue was closed because it has been inactive for 30 days since being marked as stale.

github-actions[bot] avatar Jul 09 '25 12:07 github-actions[bot]