Skip to content
This repository has been archived by the owner on May 16, 2023. It is now read-only.

Remove fsGroup from container level security context #140

Merged
merged 1 commit into from
May 29, 2019

Conversation

Crazybus
Copy link
Contributor

Fixes #136

Copy link
Contributor

@tylerjl tylerjl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed that a container that typically needs root probably doesn't need this 👍

@Crazybus Crazybus merged commit 4d6d768 into master May 29, 2019
@Crazybus
Copy link
Contributor Author

Agreed that a container that typically needs root probably doesn't need this 👍

Just to be clear since I wrongly didn't include the context in the PR (it was only in the issue). But setting the fsGroup here wasn't actually doing anything. The latest version of helm now validates whether or not the manifest is valid. Previously it was just silently ignored and dropped from the configuration. The fsGroup setting needs to go in spec.securityContext on the pod level and not in spec.containers[].securityContext

@Crazybus Crazybus deleted the outta_the_group branch May 29, 2019 07:03
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Filebeat: failed validation with Helm 2.14 / kubernet 1.14
2 participants