Skip to content

Commit

Permalink
Merge pull request #77 from rhysm/securityContext
Browse files Browse the repository at this point in the history 
Add securityContext to make container run as non-root user.
  • Loading branch information
@omrikiei
omrikiei authored Feb 16, 2022
2 parents 0da3631 + 05b502b commit cb8f997
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions pkg/k8s/common.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -148,6 +148,7 @@ func newContainer(port int, image string, containerPorts []apiv1.ContainerPort,
cpuLimit.SetMilli(int64(1000))
memRequest.SetScaled(int64(100), resource.Mega)
memLimit.SetScaled(int64(1), resource.Giga)
containerUid := int64(1000)

return &apiv1.Container{
Name: "ktunnel",
Expand All @@ -165,6 +166,9 @@ func newContainer(port int, image string, containerPorts []apiv1.ContainerPort,
"memory": memLimit,
},
},
SecurityContext: &apiv1.SecurityContext{
RunAsUser: &containerUid,
},
}
}

Expand Down

0 comments on commit cb8f997

Please sign in to comment.