Skip to content

Commit 41f2391

Browse files
lahwaaczlahwaacz
committed
set runAsNonRoot=true in addition to runAsUser/runAsGroup
The runAsNonRoot field is checked by the Pod Security Standards: https://kubernetes.io/docs/concepts/security/pod-security-standards/
1 parent bbc38ca commit 41f2391

File tree

1 file changed

+9
-0
lines changed

1 file changed

+9
-0
lines changed

jupyterhub/values.yaml

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -89,6 +89,7 @@ hub:
8989
pullSecrets: []
9090
resources: {}
9191
podSecurityContext:
92+
runAsNonRoot: true
9293
fsGroup: 1000
9394
containerSecurityContext:
9495
runAsUser: 1000
@@ -197,6 +198,7 @@ proxy:
197198
chp:
198199
revisionHistoryLimit:
199200
containerSecurityContext:
201+
runAsNonRoot: true
200202
runAsUser: 65534 # nobody user
201203
runAsGroup: 65534 # nobody group
202204
allowPrivilegeEscalation: false
@@ -250,6 +252,7 @@ proxy:
250252
traefik:
251253
revisionHistoryLimit:
252254
containerSecurityContext:
255+
runAsNonRoot: true
253256
runAsUser: 65534 # nobody user
254257
runAsGroup: 65534 # nobody group
255258
allowPrivilegeEscalation: false
@@ -300,6 +303,7 @@ proxy:
300303
extraPodSpec: {}
301304
secretSync:
302305
containerSecurityContext:
306+
runAsNonRoot: true
303307
runAsUser: 65534 # nobody user
304308
runAsGroup: 65534 # nobody group
305309
allowPrivilegeEscalation: false
@@ -480,6 +484,7 @@ scheduling:
480484
weight: 1
481485
type: MostAllocated
482486
containerSecurityContext:
487+
runAsNonRoot: true
483488
runAsUser: 65534 # nobody user
484489
runAsGroup: 65534 # nobody group
485490
allowPrivilegeEscalation: false
@@ -559,6 +564,7 @@ scheduling:
559564
labels: {}
560565
annotations: {}
561566
containerSecurityContext:
567+
runAsNonRoot: true
562568
runAsUser: 65534 # nobody user
563569
runAsGroup: 65534 # nobody group
564570
allowPrivilegeEscalation: false
@@ -595,6 +601,7 @@ prePuller:
595601
annotations: {}
596602
resources: {}
597603
containerSecurityContext:
604+
runAsNonRoot: true
598605
runAsUser: 65534 # nobody user
599606
runAsGroup: 65534 # nobody group
600607
allowPrivilegeEscalation: false
@@ -610,6 +617,7 @@ prePuller:
610617
pullPolicy:
611618
pullSecrets: []
612619
containerSecurityContext:
620+
runAsNonRoot: true
613621
runAsUser: 65534 # nobody user
614622
runAsGroup: 65534 # nobody group
615623
allowPrivilegeEscalation: false
@@ -627,6 +635,7 @@ prePuller:
627635
extraImages: {}
628636
pause:
629637
containerSecurityContext:
638+
runAsNonRoot: true
630639
runAsUser: 65534 # nobody user
631640
runAsGroup: 65534 # nobody group
632641
allowPrivilegeEscalation: false

0 commit comments

Comments
 (0)