[stable/nginx-ingress] Add variable for allowPrivilegeEscalation (#12…
…435)

* Add allowPrivilegeEscalation as variable

Adds a variable for allowPrivilegeEscalation, which allows using NET_BIND_SERVICE with a PodSecurityPolicy that forbids privilege escalation.

Signed-off-by: Markus Blaschke <[email protected]>

* Set allowPrivilegeEscalation to true

Should be enabled as NET_BIND_SERVICE is active by default

Signed-off-by: Markus Blaschke <[email protected]>
mblaschke authored and k8s-ci-robot committed Jul 23, 2019
1 parent 32700cb commit 1a89585
Showing 4 changed files with 4 additions and 1 deletion.
2 changes: 1 addition & 1 deletion wallarm-ingress/Chart.yaml
@@ -1,6 +1,6 @@
apiVersion: v1
name: nginx-ingress
version: 1.11.0
version: 1.11.1
appVersion: 0.25.0
home: https://github.com/kubernetes/ingress-nginx
description: An nginx Ingress controller that uses ConfigMap to store the nginx configuration.
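Review bot: The bump on the version line is patch-level (1.11.0 to 1.11.1), but this commit adds a new values key and changes the container securityContext rendered for every install. Consider a minor version bump, or at least an upgrade note, so consumers pinning a patch range are not surprised by the new field.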
1 change: 1 addition & 0 deletions wallarm-ingress/templates/controller-daemonset.yaml
Expand Up @@ -95,6 +95,7 @@ spec:
add:
- NET_BIND_SERVICE
runAsUser: {{ .Values.controller.image.runAsUser }}
allowPrivilegeEscalation: {{ .Values.controller.image.allowPrivilegeEscalation }}
{{- end }}
env:
- name: POD_NAME
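Review bot: The new allowPrivilegeEscalation line sits inside the block closed by the following {{- end }}, and the opening condition of that block is outside this context, so the field is only rendered when that guard is true. Please confirm that an operator who sets the value to false always gets it into the manifest; if the guard depends on another value, state that dependency next to the key in values.yaml.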
1 change: 1 addition & 0 deletions wallarm-ingress/templates/controller-deployment.yaml
Expand Up @@ -95,6 +95,7 @@ spec:
add:
- NET_BIND_SERVICE
runAsUser: {{ .Values.controller.image.runAsUser }}
allowPrivilegeEscalation: {{ .Values.controller.image.allowPrivilegeEscalation }}
{{- end }}
env:
- name: POD_NAME
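Review bot: This is the same one-line addition as in controller-daemonset.yaml, at the same position after runAsUser, so the two securityContext blocks now have to be kept in sync by hand. Consider moving the shared securityContext into a named template that both controller templates include, so a later change to this setting cannot land in one workload type and miss the other.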
1 change: 1 addition & 0 deletions wallarm-ingress/values.yaml
Expand Up @@ -9,6 +9,7 @@ controller:
pullPolicy: IfNotPresent
# www-data -> uid 33
runAsUser: 33
allowPrivilegeEscalation: true

# Configures the ports the nginx-controller listens on
containerPort:
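Review bot: The new allowPrivilegeEscalation: true default has no comment, unlike runAsUser directly above it, and the four changed files (Chart.yaml, the two controller templates and values.yaml) include no parameter documentation. Add a comment explaining why the default is true (the commit message ties it to NET_BIND_SERVICE being active by default) and that installs under a PodSecurityPolicy forbidding privilege escalation need to override it.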