From 7e44391b3fbcfbc3af85214791c76d4f8d231d8c Mon Sep 17 00:00:00 2001
From: AvivGuiser
Date: Wed, 26 Jun 2024 16:00:54 +0300
Subject: [PATCH] add default to rollout operator from loki chart
Signed-off-by: AvivGuiser
---
 charts/tempo-distributed/README.md | 10 +++++++++-
 charts/tempo-distributed/values.yaml | 17 ++++++++++++++++-
 2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md
index e95c174d5a..cc6deb4081 100644
--- a/charts/tempo-distributed/README.md
+++ b/charts/tempo-distributed/README.md
@@ -766,7 +766,15 @@ The memcached default args are removed and should be provided manually. The sett
 | rbac.create | bool | `false` | Specifies whether RBAC manifests should be created |
 | rbac.pspEnabled | bool | `false` | Specifies whether a PodSecurityPolicy should be created |
 | reportingEnabled | bool | `true` | If true, Tempo will report anonymous usage data about the shape of a deployment to Grafana Labs |
-| rollout_operator | object | `{"enabled":false}` | Enable rollout-operator. It must be enabled when using Zone Aware Replication. |
+| rollout_operator.enabled | bool | `false` | Enable rollout-operator. It must be enabled when using Zone Aware Replication. |
+| rollout_operator.podSecurityContext.fsGroup | int | `10001` | |
+| rollout_operator.podSecurityContext.runAsGroup | int | `10001` | |
+| rollout_operator.podSecurityContext.runAsNonRoot | bool | `true` | |
+| rollout_operator.podSecurityContext.runAsUser | int | `10001` | |
+| rollout_operator.podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | |
+| rollout_operator.securityContext.allowPrivilegeEscalation | bool | `false` | |
+| rollout_operator.securityContext.capabilities.drop[0] | string | `"ALL"` | |
+| rollout_operator.securityContext.readOnlyRootFilesystem | bool | `true` | |
 | server.grpc_server_max_recv_msg_size | int | `4194304` | Max gRPC message size that can be received |
 | server.grpc_server_max_send_msg_size | int | `4194304` | Max gRPC message size that can be sent |
 | server.httpListenPort | int | `3100` | HTTP server listen host |
diff --git a/charts/tempo-distributed/values.yaml b/charts/tempo-distributed/values.yaml
index 0fe88fd724..3f4aea96af 100644
--- a/charts/tempo-distributed/values.yaml
+++ b/charts/tempo-distributed/values.yaml
@@ -992,10 +992,25 @@ enterpriseFederationFrontend: multitenancyEnabled: false -# -- Enable rollout-operator. It must be enabled when using Zone Aware Replication. rollout_operator: +# -- Enable rollout-operator. It must be enabled when using Zone Aware Replication. enabled: false + podSecurityContext: + fsGroup: 10001 + runAsGroup: 10001 + runAsNonRoot: true + runAsUser: 10001 + seccompProfile: + type: RuntimeDefault + + # Set the container security context + securityContext: + readOnlyRootFilesystem: true + capabilities: + drop: [ALL] + allowPrivilegeEscalation: false + traces: jaeger: grpc:
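Review bot: The new `podSecurityContext` and `securityContext` defaults under `rollout_operator` carry no `# --` helm-docs annotations, which is why every matching row added to the README table has an empty description; `# Set the container security context` is a plain comment and is not picked up. I would annotate both blocks, e.g. `# -- Pod-level security context for the rollout-operator pods (non-root UID/GID 10001, RuntimeDefault seccomp)` and `# -- Container security context: read-only root filesystem, all capabilities dropped, no privilege escalation`, so anyone overriding them sees which hardening they are relaxing. The relocated `# -- Enable rollout-operator…` line also appears to sit at column 0 inside the mapping; indenting it to match `enabled:` would read better. These values presumably only take effect if the pinned rollout-operator subchart consumes both keys, which is not visible in this hunk, so it is worth confirming with a `helm template` render.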