security

package
v0.0.0-...-3669d16 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 28, 2024 License: BSD-2-Clause Imports: 2 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (

	// Generic container security contexts
	ContainerSecurityContext = &corev1.SecurityContext{
		AllowPrivilegeEscalation: pointer.Bool(false),
		Capabilities: &corev1.Capabilities{
			Drop: []corev1.Capability{
				"ALL",
			},
		},
	}

	// GenericPodSecurityContext defines pod level security context
	// for generic/other workloads (e.g. pre/post-upgrade jobs)
	GenericPodSecurityContext = &corev1.PodSecurityContext{
		RunAsNonRoot: pointer.Bool(true),
		SeccompProfile: &corev1.SeccompProfile{
			Type: corev1.SeccompProfileTypeRuntimeDefault,
		},
	}

	// DatabasePodSecurityContext defines pod level security context
	// for database workloads
	DatabasePodSecurityContext = &corev1.PodSecurityContext{
		RunAsNonRoot:        pointer.Bool(true),
		RunAsUser:           pointer.Int64(databaseUserId),
		RunAsGroup:          pointer.Int64(databaseUserId),
		FSGroup:             pointer.Int64(databaseUserId),
		FSGroupChangePolicy: &fsGroupChangePolicy,
		SeccompProfile: &corev1.SeccompProfile{
			Type: corev1.SeccompProfileTypeRuntimeDefault,
		},
	}
)

Functions

This section is empty.

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.