Add container security context. Fix typo.

alexeyNsorokin · alexeyNsorokin · commit 6e0d370e710f · 2020-09-09T09:11:39.000+03:00
diff --git a/chart/redis-cluster-operator/templates/operator.yaml b/chart/redis-cluster-operator/templates/operator.yaml
@@ -14,11 +14,13 @@ spec:
     spec:
       serviceAccountName: {{ .Values.operator.service_account_name }}
       securityContext:
-        {{- .Values.operator.securityContext | toYaml | nindent  }}
+        {{- .Values.operator.podsecurityContext | toYaml | nindent 8 }}
       containers:
         - name: {{ .Values.operator.name }}
           # Replace this with the built image name
           image: {{ .Values.operator.image_source }}:{{ .Values.operator.image_tag }}
+          securityContext:
+            {{- .Values.operator.containersecurityContext | toYaml | nindent 14 }}
           command:
           - redis-cluster-operator
           args:
diff --git a/chart/redis-cluster-operator/values.yaml b/chart/redis-cluster-operator/values.yaml
@@ -14,11 +14,16 @@ operator:
     requests:
       cpu: 100m
       memory: 100Mi
-  securityContext:
+  podsecurityContext:
     runAsUser: 1100
     runAsGroup: 1100
     fsGroup: 1100
     supplementalGroups: [1100]
+  containersecurityContext:
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop:
+        - ALL
 
 data:
   redis_conf: |-
