Adding security context to milvus-helm

Question

Adding security context to milvus-helm

omokshyna opened this issue 7 months ago · comments

I need to deploy milvus on kubernetes cluster that is being run through rancher. To do that I need to modify the security context both for the pod and the containers in the following way (below is an example values.yaml file):

apiVersion: apps/v1
kind: Deployment
metadata:
    name: example
spec:
  replicas: 1
  selector:
    matchLabels:
      app: example
  template:
    metadata:
      labels:
        app: example
    spec:
      securityContext: # Pod security context
        fsGroupChangePolicy: OnRootMismatch
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      containers:
      - image: ubuntu
        name: example
        securityContext: # Container security context
          runAsUser: 1000
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL

However, I am not exactly sure, how I should modify the sections of default values.yaml and which sections require these modifications. If there are any tips on that, they would be greatly appreciated.

Thank you very much in advance!

shaoyue · Answer 1 · Tue Jan 23 2024 13:21:23 GMT+0800 (China Standard Time)

This may require a patch to milvus https://github.com/milvus-io/milvus. Milvus image is now run in root by default.