public_git
/
postgres-operator
mirror of https://github.com/zalando/postgres-operator.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

postgres-operator deployment template: run operator as non-root, and with readonly filesystem (#582)

This commit is contained in:
Erik Inge Bolsø 2019-06-14 15:47:08 +02:00 committed by Felix Kunde
parent 35a1f2cff8
commit 028b834ea6
2 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
docker/Dockerfile
View File

@ -6,4 +6,9 @@ RUN apk --no-cache add ca-certificates
COPY build/* / COPY build/* /
RUN addgroup -g 1000 pgo
RUN adduser -D -u 1000 -G pgo -g 'Postgres operator' pgo
USER 1000:1000
ENTRYPOINT ["/postgres-operator"] ENTRYPOINT ["/postgres-operator"]

4
manifests/postgres-operator.yaml
View File

@ -21,6 +21,10 @@ spec:
limits: limits:
cpu: 2000m cpu: 2000m
memory: 500Mi memory: 500Mi
securityContext:
runAsUser: 1000
runAsNonRoot: true
readOnlyRootFilesystem: true
env: env:
# provided additional ENV vars can overwrite individual config map entries # provided additional ENV vars can overwrite individual config map entries
- name: CONFIG_MAP_NAME - name: CONFIG_MAP_NAME