Set securityContext for deployer and ui

When pod security policies are used, the default restricted policy does not allow root permissions. Even when a more permissive policy is assigned to the service account, we need to inform k8s that we need root permissions so that the correct policy can be selected. Signed-off-by: Aaron Spettl <aaron@spettl.de>
2020-05-01 12:03:54 +02:00 · 2020-05-01 12:03:54 +02:00 · 1867b85110
commit 1867b85110
parent 5e67c380a8
3 changed files with 8 additions and 0 deletions
--- a/chart/templates/deployment-driver.yaml
+++ b/chart/templates/deployment-driver.yaml
@ -79,3 +79,5 @@ spec:
      - name: {{ .Values.defaultSettings.registrySecret }}
      {{- end }}
      serviceAccountName: longhorn-service-account
+      securityContext:
+        runAsUser: 0
--- a/chart/templates/deployment-ui.yaml
+++ b/chart/templates/deployment-ui.yaml
@ -19,6 +19,8 @@ spec:
      - name: longhorn-ui
        image: "{{ .Values.image.longhorn.ui }}:{{ .Values.image.longhorn.uiTag }}"
        imagePullPolicy: Always
+        securityContext:
+          runAsUser: 0
        ports:
        - containerPort: 8000
          name: http
--- a/deploy/longhorn.yaml
+++ b/deploy/longhorn.yaml
@ -348,6 +348,8 @@ spec:
      - name: longhorn-ui
        image: longhornio/longhorn-ui:v0.8.1
        imagePullPolicy: Always
+        securityContext:
+          runAsUser: 0
        ports:
        - containerPort: 8000
          name: http
@ -439,6 +441,8 @@ spec:
      #imagePullSecrets:
      #- name:
      serviceAccountName: longhorn-service-account
+      securityContext:
+        runAsUser: 0
 ---
 kind: StorageClass
 apiVersion: storage.k8s.io/v1