Container SecurityContext seems not available #241
Comments
Hey @timsn! Adding that makes total sense! Let me know if you want to take a stab at it.
Hi @regadas, I cloned the latest but still do not see the property "readOnlyRootFilesystem". I'm a newbie, so could you please confirm if it is already complete or work needs to be done? If work needs to be done, I can take a stab at it. Please let me know.
Hi @anythingbyme, yup this work is still pending.
Need any assistance on implementing this change? Our teams are also looking for something similar, so I implemented the change in our local build of the operator.
Hi @acherla, would you mind making a PR for this?
Is the issue resolved? Can I work on this?
When looking through the FlinkCluster CRD I can see there are securityContext definitions for Jobmanager, Taskmanager and Job specs. All of these are of the type PodSecurityContext, which is fine.
Besides that, it would be great to be able to set the corresponding Container SecurityContext as well. This would allow setting options like allowPrivilegeEscalation, readOnlyRootFilesystem, drop capabilities and others which are not available in the PodSecurityContext. This is important in some cluster environments like ours where we need to fulfill certain security policies.
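
For reference, an added example (not part of the original issue and not the operator's code): a plain Kubernetes Pod manifest showing which settings belong to the pod-level `securityContext` (PodSecurityContext) and which exist only in the per-container `securityContext`. The pod name, container name, image, UID and mount path are placeholders chosen for illustration.

```yaml
# Added illustration: a plain Pod manifest, not a FlinkCluster resource.
# Names, image, UID and mount path are placeholders.
apiVersion: v1
kind: Pod
metadata:
  name: hardened-example            # placeholder
spec:
  # Pod-level securityContext (type PodSecurityContext): applies to every
  # container in the pod. Fields such as fsGroup exist only at this level.
  securityContext:
    runAsNonRoot: true
    runAsUser: 9999                 # constructed UID
    fsGroup: 9999
    seccompProfile:
      type: RuntimeDefault
  containers:
    - name: app                     # placeholder
      image: registry.example.invalid/app:placeholder
      # Container-level securityContext (type SecurityContext): the three
      # fields below have no pod-level equivalent.
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]
      volumeMounts:
        # With a read-only root filesystem, every path the process writes
        # to needs its own writable volume.
        - name: tmp
          mountPath: /tmp           # assumed writable path
  volumes:
    - name: tmp
      emptyDir: {}
```

Fields that exist at both levels, such as `runAsUser` and `runAsNonRoot`, take the container-level value when both are set.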