github.com/kotalco/kotal@v0.3.0/controllers/shared/security_context.go

github.com/kotalco/kotal@v0.3.0/controllers/shared/security_context.go (about)

     1  package shared
     2  
     3  import corev1 "k8s.io/api/core/v1"
     4  
     5  // SecurityContext is the pod security policy used by all containers
     6  func SecurityContext() *corev1.PodSecurityContext {
     7  	var userId int64 = 1000
     8  	var groupId int64 = 3000
     9  	var fsGroupId int64 = 2000
    10  	var nonRoot = true
    11  	policy := corev1.FSGroupChangeOnRootMismatch
    12  
    13  	return &corev1.PodSecurityContext{
    14  		RunAsUser:           &userId,
    15  		RunAsGroup:          &groupId,
    16  		RunAsNonRoot:        &nonRoot,
    17  		FSGroup:             &fsGroupId,
    18  		FSGroupChangePolicy: &policy,
    19  	}
    20  }