File tree Expand file tree Collapse file tree 1 file changed +49
-12
lines changed
manifests/ha/base/redis-ha/chart Expand file tree Collapse file tree 1 file changed +49
-12
lines changed Original file line number Diff line number Diff line change @@ -1099,8 +1099,14 @@ spec:
10991099 - sh
11001100 args :
11011101 - /readonly/haproxy_init.sh
1102- securityContext :
1103- null
1102+ securityContext :
1103+ allowPrivilegeEscalation : false
1104+ capabilities :
1105+ drop :
1106+ - ALL
1107+ runAsNonRoot : true
1108+ seccompProfile :
1109+ type : RuntimeDefault
11041110 volumeMounts :
11051111 - name : config-volume
11061112 mountPath : /readonly
@@ -1111,8 +1117,14 @@ spec:
11111117 - name : haproxy
11121118 image : public.ecr.aws/docker/library/haproxy:2.6.17-alpine
11131119 imagePullPolicy : IfNotPresent
1114- securityContext :
1115- null
1120+ securityContext :
1121+ allowPrivilegeEscalation : false
1122+ capabilities :
1123+ drop :
1124+ - ALL
1125+ runAsNonRoot : true
1126+ seccompProfile :
1127+ type : RuntimeDefault
11161128 env :
11171129 - name : AUTH
11181130 valueFrom :
@@ -1215,8 +1227,15 @@ spec:
12151227 - sh
12161228 args :
12171229 - /readonly-config/init.sh
1218- securityContext :
1219- null
1230+ securityContext :
1231+ allowPrivilegeEscalation : false
1232+ capabilities :
1233+ drop :
1234+ - ALL
1235+ runAsNonRoot : true
1236+ runAsUser : 1000
1237+ seccompProfile :
1238+ type : RuntimeDefault
12201239 env :
12211240 - name : SENTINEL_ID_0
12221241 value : 3c0d9c0320bb34888c2df5757c718ce6ca992ce6
@@ -1245,8 +1264,14 @@ spec:
12451264 - redis-server
12461265 args :
12471266 - /data/conf/redis.conf
1248- securityContext :
1249- null
1267+ securityContext :
1268+ allowPrivilegeEscalation : false
1269+ capabilities :
1270+ drop :
1271+ - ALL
1272+ runAsNonRoot : true
1273+ seccompProfile :
1274+ type : RuntimeDefault
12501275 env :
12511276 - name : AUTH
12521277 valueFrom :
@@ -1301,8 +1326,14 @@ spec:
13011326 - redis-sentinel
13021327 args :
13031328 - /data/conf/sentinel.conf
1304- securityContext :
1305- null
1329+ securityContext :
1330+ allowPrivilegeEscalation : false
1331+ capabilities :
1332+ drop :
1333+ - ALL
1334+ runAsNonRoot : true
1335+ seccompProfile :
1336+ type : RuntimeDefault
13061337 env :
13071338 - name : AUTH
13081339 valueFrom :
@@ -1356,8 +1387,14 @@ spec:
13561387 - sh
13571388 args :
13581389 - /readonly-config/fix-split-brain.sh
1359- securityContext :
1360- null
1390+ securityContext :
1391+ allowPrivilegeEscalation : false
1392+ capabilities :
1393+ drop :
1394+ - ALL
1395+ runAsNonRoot : true
1396+ seccompProfile :
1397+ type : RuntimeDefault
13611398 env :
13621399 - name : SENTINEL_ID_0
13631400 value : 3c0d9c0320bb34888c2df5757c718ce6ca992ce6
You can’t perform that action at this time.
0 commit comments