Adding security context to milvus-helm
omokshyna opened this issue · comments
Olena Mokshyna commented
I need to deploy milvus on kubernetes cluster that is being run through rancher. To do that I need to modify the security context both for the pod and the containers in the following way (below is an example values.yaml file):
apiVersion: apps/v1
kind: Deployment
metadata:
name: example
spec:
replicas: 1
selector:
matchLabels:
app: example
template:
metadata:
labels:
app: example
spec:
securityContext: # Pod security context
fsGroupChangePolicy: OnRootMismatch
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containers:
- image: ubuntu
name: example
securityContext: # Container security context
runAsUser: 1000
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
However, I am not exactly sure, how I should modify the sections of default values.yaml and which sections require these modifications. If there are any tips on that, they would be greatly appreciated.
Thank you very much in advance!
shaoyue commented
This may require a patch to milvus https://github.com/milvus-io/milvus. Milvus image is now run in root by default.