sdgoij/rustfs
1
0
Fork 0
mirror of https://github.com/rustfs/rustfs.git synced 2026-01-16 17:20:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

enhance security context part for k8s deployment (#850)

Browse Source
This commit is contained in:
majinghe
2025-11-13 18:18:19 +08:00
committed by GitHub
parent d4817a4bea
commit 93090adf7c
2 changed files with 9 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
helm/rustfs/templates/statefulset.yaml
View File

@@ -52,8 +52,10 @@ spec:
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
command: ["/usr/bin/rustfs"] command: ["/usr/bin/rustfs"]
imagePullPolicy: {{ .Values.image.pullPolicy }} imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.securityContext }}
securityContext: securityContext:
runAsUser: 1000 {{- toYaml .Values.securityContext | nindent 12 }}
{{- end }}
ports: ports:
- containerPort: {{ .Values.service.ep_port }} - containerPort: {{ .Values.service.ep_port }}
name: endpoint name: endpoint

13
helm/rustfs/values.yaml
View File

@@ -59,13 +59,12 @@ podSecurityContext:
# fsGroup: 2000 # fsGroup: 2000
securityContext: securityContext:
{} capabilities:
# capabilities: drop:
# drop: - ALL
# - ALL readOnlyRootFilesystem: true
# readOnlyRootFilesystem: true runAsNonRoot: true
# runAsNonRoot: true runAsUser: 1000
# runAsUser: 1000
service: service:
type: NodePort type: NodePort