Skip to content
This repository has been archived by the owner on Aug 2, 2022. It is now read-only.

Enable Elasticsearch running as non-root without any extra capabilities or privileges #703

Merged
merged 3 commits into from
Mar 26, 2021
Merged

Enable Elasticsearch running as non-root without any extra capabilities or privileges #703

merged 3 commits into from
Mar 26, 2021

Commits on Mar 19, 2021

  1. Enable running OD-ES as non-root via helm 

    By setting a securityContext for the pod, disabling initContainers and not
giving SYS_CHROOT cap (both of which might not even be required anyway) it
is possible to run as non-root.

The "fixmount" initContainer is not required if a fsGroup is set via
securityContext.

The "SYS_CHROOT" cap does not appear to be required any more.

Example parameters for this setup are given in values-nonroot.yaml

Signed-off-by: Tim Rice <[email protected]>
    Tim Rice committed Mar 19, 2021
    Configuration menu
    Copy the full SHA
    b18b182 View commit details
    Browse the repository at this point in the history

  2. document new parameters 

    Signed-off-by: Tim Rice <[email protected]>
    Tim Rice committed Mar 19, 2021
    Configuration menu
    Copy the full SHA
    80ffe0a View commit details
    Browse the repository at this point in the history

  3. rename helm variable 'elasticsearch.securityContext' to 'elasticsearc… 

    …h.securityContextCustom'

Signed-off-by: Tim Rice <[email protected]>
    Tim Rice committed Mar 19, 2021
    Configuration menu
    Copy the full SHA
    bf58664 View commit details
    Browse the repository at this point in the history