clearml-helm-charts/charts/clearml/values-non-root-privileged.yaml

apiserver:
  containerSecurityContext:
    runAsUser: 1000
    runAsNonRoot: true
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: RuntimeDefault

fileserver:
  containerSecurityContext:
    runAsUser: 1000
    runAsNonRoot: true
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: RuntimeDefault

webserver:
  containerSecurityContext:
    runAsUser: 1000
    runAsNonRoot: true
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: RuntimeDefault

enterpriseFeatures:
  enabled: true
  clearmlApplications:
    containerSecurityContext:
      runAsUser: 1000
      runAsNonRoot: true
      allowPrivilegeEscalation: false
      capabilities:
        drop: ["ALL"]
      seccompProfile:
        type: RuntimeDefault
    containerCustomBashScript: |
      export HOME=/tmp ;
      export LOCAL_PYTHON=python3 ; 
      $LOCAL_PYTHON -m pip install clearml-agent{agent_install_args} ; 
      $LOCAL_PYTHON -m clearml_agent execute {default_execution_agent_args} --id {task_id}
    extraEnvs:
      - name: CLEARML_K8S_GLUE_START_AGENT_SCRIPT_PATH
        value: /tmp/__start_agent__.sh
      - name: HOME
        value: /tmp

redis:
  master:
    containerSecurityContext:
      runAsNonRoot: true
      allowPrivilegeEscalation: false
      capabilities:
        drop: ["ALL"]
      seccompProfile:
        type: RuntimeDefault
mongodb:
  containerSecurityContext:
    enabled: true
    runAsNonRoot: true
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: RuntimeDefault
elasticsearch:
  sysctlInitContainer:
    enabled: false
  securityContext:
    runAsNonRoot: true
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: RuntimeDefault
Update dependency charts (#184) * Changed: update dependency charts * Changed: update values for dependencies * Added: major release update instructions * Changed: version update * Added: dep repos * Changed: improved securityContexts * Added: security context for enterprise apps * Changed: agent split securityContexts * Added: custom start scripts for apps * Fixed: missing description * Changed: updated images * Added: non-privileged/non-root configs * Fixed: title level * CHanged: changelog update * Added: global registry setting * Added: services annotations * Fixed: non-root enterprise reference 2023-03-16 07:42:27 +00:00			`apiserver:`
			`containerSecurityContext:`
			`runAsUser: 1000`
			`runAsNonRoot: true`
			`allowPrivilegeEscalation: false`
			`capabilities:`
			`drop: ["ALL"]`
			`seccompProfile:`
			`type: RuntimeDefault`

			`fileserver:`
			`containerSecurityContext:`
			`runAsUser: 1000`
			`runAsNonRoot: true`
			`allowPrivilegeEscalation: false`
			`capabilities:`
			`drop: ["ALL"]`
			`seccompProfile:`
			`type: RuntimeDefault`

			`webserver:`
			`containerSecurityContext:`
			`runAsUser: 1000`
			`runAsNonRoot: true`
			`allowPrivilegeEscalation: false`
			`capabilities:`
			`drop: ["ALL"]`
			`seccompProfile:`
			`type: RuntimeDefault`

			`enterpriseFeatures:`
			`enabled: true`
			`clearmlApplications:`
			`containerSecurityContext:`
			`runAsUser: 1000`
			`runAsNonRoot: true`
			`allowPrivilegeEscalation: false`
			`capabilities:`
			`drop: ["ALL"]`
			`seccompProfile:`
			`type: RuntimeDefault`
			`containerCustomBashScript: \|`
			`export HOME=/tmp ;`
			`export LOCAL_PYTHON=python3 ;`
			`$LOCAL_PYTHON -m pip install clearml-agent{agent_install_args} ;`
			`$LOCAL_PYTHON -m clearml_agent execute {default_execution_agent_args} --id {task_id}`
			`extraEnvs:`
			`- name: CLEARML_K8S_GLUE_START_AGENT_SCRIPT_PATH`
			`value: /tmp/__start_agent__.sh`
			`- name: HOME`
			`value: /tmp`

			`redis:`
			`master:`
			`containerSecurityContext:`
			`runAsNonRoot: true`
			`allowPrivilegeEscalation: false`
			`capabilities:`
			`drop: ["ALL"]`
			`seccompProfile:`
			`type: RuntimeDefault`
			`mongodb:`
			`containerSecurityContext:`
			`enabled: true`
			`runAsNonRoot: true`
			`allowPrivilegeEscalation: false`
			`capabilities:`
			`drop: ["ALL"]`
			`seccompProfile:`
			`type: RuntimeDefault`
			`elasticsearch:`
			`sysctlInitContainer:`
			`enabled: false`
			`securityContext:`
			`runAsNonRoot: true`
			`allowPrivilegeEscalation: false`
			`capabilities:`
			`drop: ["ALL"]`
			`seccompProfile:`
			`type: RuntimeDefault`