improve RabbitmqCluster default securitycontext

By default, the rabbitmq cluster `StatefulSet` gets created with this pod security context:

```
securityContext:
    runAsUser: 999
    fsGroup: 0
```

I tested this configuration today:

```
apiVersion: rabbitmq.com/v1beta1
kind: RabbitmqCluster
metadata:
  name: rabbitmq
  namespace: rabbitmq
spec:
  override:
    statefulSet:
      spec:
        template:
          spec:
            securityContext:
              runAsNonRoot: true
              runAsUser: 999
              runAsGroup: 999
              fsGroup: 999
              seccompProfile:
                type: RuntimeDefault
            initContainers:
            - name: setup-container
              securityContext:
                allowPrivilegeEscalation: false
                capabilities:
                  drop:
                    - ALL
                privileged: false
                readOnlyRootFilesystem: true
            containers:
            - name: rabbitmq
              securityContext:
                allowPrivilegeEscalation: false
                capabilities:
                  drop:
                    - ALL
                privileged: false
                readOnlyRootFilesystem: true
```

I think a configuration like this can be included in the operator. I understand if not all of these can be included for all types of kubernetes clusters by default, but there is room for improvement.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

improve RabbitmqCluster default securitycontext #1910

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

improve RabbitmqCluster default securitycontext #1910

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions