change run user when userspace is not checked

Stavros kois
2022-09-13 09:39:23 +03:00
parent 20b8eed718
commit 6fb5ef88fb


@@ -11,14 +11,23 @@ command: ["ash", "/tailscale/run.sh"]
tty: true
# It should run rootless. But needs test
securityContext:
{{- if .Values.addons.vpn.tailscale.userspace }}
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
readOnlyRootFilesystem: true
{{- else }}
runAsUser: 0
runAsGroup: 0
runAsNonRoot: false
readOnlyRootFilesystem: false
{{- end }}
capabilities:
add:
- NET_ADMIN
envFrom:
- secretRef:
name: {{ $secretName }}