MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-04-13 07:50:15 -04:00
Code Issues Packages Projects Releases Wiki Activity

Allow setting readOnlyRootFilesystem in securityContext (#19437)

Browse Source
This commit is contained in:
Alexander Thaller 2024-04-08 18:31:05 +02:00 committed by GitHub
parent 787c44c39d
commit 78f177b8ee
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
helm/minio/templates/statefulset.yaml
View File

@ -191,6 +191,10 @@ spec:
value: {{ tpl $val $ | quote }} value: {{ tpl $val $ | quote }}
{{- end }} {{- end }}
resources: {{- toYaml .Values.resources | nindent 12 }} resources: {{- toYaml .Values.resources | nindent 12 }}
{{- if and .Values.securityContext.enabled .Values.persistence.enabled }}
securityContext:
readOnlyRootFilesystem: {{ .Values.securityContext.readOnlyRootFilesystem | default false }}
{{- end }}
{{- with .Values.extraContainers }} {{- with .Values.extraContainers }}
{{- if eq (typeOf .) "string" }} {{- if eq (typeOf .) "string" }}
{{- tpl . $ | nindent 8 }} {{- tpl . $ | nindent 8 }}

1
helm/minio/values.yaml
View File

@ -249,6 +249,7 @@ securityContext:
runAsGroup: 1000 runAsGroup: 1000
fsGroup: 1000 fsGroup: 1000
fsGroupChangePolicy: "OnRootMismatch" fsGroupChangePolicy: "OnRootMismatch"
readOnlyRootFilesystem: false
# Additational pod annotations # Additational pod annotations
podAnnotations: {} podAnnotations: {}