securityContext - Code Search

helm/minio/templates/post-job.yaml

      {{- end }}
      {{- with .Values.postJob.tolerations }}
      tolerations: {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- if .Values.postJob.securityContext.enabled }}
      securityContext: {{ omit .Values.postJob.securityContext "enabled" | toYaml | nindent 12 }}
      {{- end }}
      volumes:
        - name: etc-path
          emptyDir: {}
        - name: tmp
          emptyDir: {}

Registered: Sun Nov 03 19:28:11 UTC 2024

- Last Modified: Thu Oct 10 15:48:31 UTC 2024

- 10.4K bytes

- Viewed (0)

github.com/minio/minio

helm/minio/values.yaml

nodeSelector: {}
tolerations: []
affinity: {}
topologySpreadConstraints: []

## Add stateful containers to have security context, if enabled MinIO will run as this
## user and group NOTE: securityContext is only enabled if persistence.enabled=true
securityContext:
  enabled: true
  runAsUser: 1000
  runAsGroup: 1000
  fsGroup: 1000
  fsGroupChangePolicy: "OnRootMismatch"

containerSecurityContext:
  readOnlyRootFilesystem: false

Registered: Sun Nov 03 19:28:11 UTC 2024

- Last Modified: Thu Oct 10 15:48:31 UTC 2024

- 18.8K bytes

- Viewed (1)

github.com/minio/minio

helm/minio/templates/deployment.yaml

      {{- end }}
      {{- if .Values.runtimeClassName }}
      runtimeClassName: "{{ .Values.runtimeClassName }}"
      {{- end }}
      {{- if and .Values.securityContext.enabled .Values.persistence.enabled }}
      securityContext:
        {{ omit .Values.securityContext "enabled" | toYaml | nindent 8 }}
      {{- end }}
      {{ if .Values.serviceAccount.create }}
      serviceAccountName: {{ .Values.serviceAccount.name }}

Registered: Sun Nov 03 19:28:11 UTC 2024

- Last Modified: Thu Oct 10 15:48:31 UTC 2024

- 8.6K bytes

- Viewed (0)

github.com/istio/istio

cni/pkg/plugin/plugin_dryrun_test.go

			pod.Spec.Containers[1].Env = tt.proxyEnv

			pod.Spec.Containers[1].SecurityContext = &corev1.SecurityContext{}

			if tt.customGID != nil {
				pod.Spec.Containers[1].SecurityContext.RunAsGroup = tt.customGID
			}

			if tt.customUID != nil {
				pod.Spec.Containers[1].SecurityContext.RunAsUser = tt.customUID
			}

Registered: Wed Nov 06 22:53:10 UTC 2024

- Last Modified: Tue Aug 27 16:44:45 UTC 2024

- 8.5K bytes

- Viewed (0)

github.com/minio/minio

helm/minio/templates/statefulset.yaml

      {{- end }}
      {{- if .Values.runtimeClassName }}
      runtimeClassName: "{{ .Values.runtimeClassName }}"
      {{- end }}
      {{- if and .Values.securityContext.enabled .Values.persistence.enabled }}
      securityContext:
        {{- omit .Values.securityContext "enabled" | toYaml | nindent 8 }}
      {{- end }}
      {{- if .Values.serviceAccount.create }}
      serviceAccountName: {{ .Values.serviceAccount.name }}

Registered: Sun Nov 03 19:28:11 UTC 2024

- Last Modified: Fri Oct 11 12:21:05 UTC 2024

- 10.4K bytes

- Viewed (0)

github.com/istio/istio

cni/pkg/plugin/kubernetes.go

			for _, e := range c.Env {
				pi.ProxyEnvironments[e.Name] = e.Value
			}
			if len(c.Args) >= 2 && c.Args[0] == "proxy" {
				pi.ProxyType = c.Args[1]
			}
			if c.SecurityContext != nil {
				pi.ProxyUID = c.SecurityContext.RunAsUser
				pi.ProxyGID = c.SecurityContext.RunAsGroup
			}
		}
	}
	return pi
}

// containers fetches all containers in the pod.

Registered: Wed Nov 06 22:53:10 UTC 2024

- Last Modified: Thu Aug 01 18:38:14 UTC 2024

- 3.7K bytes

- Viewed (0)

github.com/minio/minio

helm-releases/minio-5.3.0.tgz

.Values.priorityClassName }} priorityClassName: "{{ .Values.priorityClassName }}" {{- end }} {{- if .Values.runtimeClassName }} runtimeClassName: "{{ .Values.runtimeClassName }}" {{- end }} {{- if and .Values.securityContext.enabled .Values.persistence.enabled }} securityContext: {{ omit .Values.securityContext "enabled" | toYaml | nindent 8 }} {{- end }} {{ if .Values.serviceAccount.create }} serviceAccountName: {{ .Values.serviceAccount.name }} {{- end }} containers: - name: {{ .Chart.Name }} image: "{{ ...

Registered: Sun Nov 03 19:28:11 UTC 2024

- Last Modified: Fri Oct 11 12:21:05 UTC 2024

- 21.7K bytes

- Viewed (0)

github.com/istio/istio

manifests/addons/values-grafana.yaml

  GF_AUTH_BASIC_ENABLED: "false"
  GF_AUTH_ANONYMOUS_ENABLED: "true"
  GF_AUTH_ANONYMOUS_ORG_ROLE: Admin

# Expose on port 3000 to match the Istio docs
service:
  port: 3000

securityContext: null

# Set up out dashboards
dashboardProviders:
  dashboardproviders.yaml:
    apiVersion: 1
    providers:
      - name: "istio"
        orgId: 1
        folder: "istio"
        type: file

Registered: Wed Nov 06 22:53:10 UTC 2024

- Last Modified: Wed Jun 12 20:46:28 UTC 2024

- 1.7K bytes

- Viewed (0)

github.com/istio/istio

istioctl/pkg/describe/describe.go

		// Ref: https://istio.io/latest/docs/ops/deployment/requirements/#pod-requirements
		if container.Name != "istio-proxy" && container.Name != "istio-operator" {
			if container.SecurityContext != nil && container.SecurityContext.RunAsUser != nil {
				if *container.SecurityContext.RunAsUser == UserID {
					fmt.Fprintf(writer, "WARNING: User ID (UID) 1337 is reserved for the sidecar proxy.\n")
				}
			}
		}
	}

Registered: Wed Nov 06 22:53:10 UTC 2024

- Last Modified: Thu Oct 24 17:36:49 UTC 2024

- 50.6K bytes

- Viewed (0)

github.com/istio/istio

architecture/environments/operator.md

serviceAnnotations | [service annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
securityContext | [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod)

These K8s setting are available for each component under the `k8s` field, for example:

Registered: Wed Nov 06 22:53:10 UTC 2024

- Last Modified: Mon Jul 29 21:11:35 UTC 2024

- 13.2K bytes

- Viewed (0)

Search Options