ClearML/clearml-helm-charts
1
0
Fork 0
mirror of https://github.com/clearml/clearml-helm-charts synced 2025-01-31 17:16:47 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
a69530d07a
clearml-helm-charts/charts/clearml/values-non-root-privileged.yaml
Valeriano Manassero a69530d07a
Update dependency charts (#184) 
* Changed: update dependency charts

* Changed: update values for dependencies

* Added: major release update instructions

* Changed: version update

* Added: dep repos

* Changed: improved securityContexts

* Added: security context for enterprise apps

* Changed: agent split securityContexts

* Added: custom start scripts for apps

* Fixed: missing description

* Changed: updated images

* Added: non-privileged/non-root configs

* Fixed: title level

* CHanged: changelog update

* Added: global registry setting

* Added: services annotations

* Fixed: non-root enterprise reference
2023-03-16 08:42:27 +01:00

81 lines
1.9 KiB
YAML
Executable File
Raw Blame History

apiserver:
containerSecurityContext:
runAsUser: 1000
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: RuntimeDefault
fileserver:
containerSecurityContext:
runAsUser: 1000
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: RuntimeDefault
webserver:
containerSecurityContext:
runAsUser: 1000
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: RuntimeDefault
enterpriseFeatures:
enabled: true
clearmlApplications:
containerSecurityContext:
runAsUser: 1000
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: RuntimeDefault
containerCustomBashScript: |
export HOME=/tmp ;
export LOCAL_PYTHON=python3 ;
$LOCAL_PYTHON -m pip install clearml-agent{agent_install_args} ;
$LOCAL_PYTHON -m clearml_agent execute {default_execution_agent_args} --id {task_id}
extraEnvs:
- name: CLEARML_K8S_GLUE_START_AGENT_SCRIPT_PATH
value: /tmp/__start_agent__.sh
- name: HOME
value: /tmp
redis:
master:
containerSecurityContext:
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: RuntimeDefault
mongodb:
containerSecurityContext:
enabled: true
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: RuntimeDefault
elasticsearch:
sysctlInitContainer:
enabled: false
securityContext:
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: RuntimeDefault
Reference in New Issue View Git Blame Copy Permalink