1
0
Fork 0
mirror of https://github.com/arangodb/kube-arangodb.git synced 2024-12-14 11:57:37 +00:00
kube-arangodb/docs/features/secured_containers.md

34 lines
No EOL
858 B
Markdown

---
layout: page
title: Secured containers
parent: List of all features
---
# Secured Containers
## Overview
Change Default settings of:
* PodSecurityContext
* `FSGroup` is set to `3000`
* SecurityContext (Container)
* `RunAsUser` is set to `1000`
* `RunAsGroup` is set to `2000`
* `RunAsNonRoot` is set to `true`
* `ReadOnlyRootFilesystem` is set to `true`
* `Capabilities.Drop` is set to `["ALL"]`
## Dependencies
- [Operator Ephemeral Volumes](ephemeral_volumes.md) should be Enabled and Supported.
## How to use
To enable this feature use `--deployment.feature.secured-containers` arg, which needs be passed to the operator:
```shell
helm upgrade --install kube-arangodb \
https://github.com/arangodb/kube-arangodb/releases/download/$VER/kube-arangodb-$VER.tgz \
--set "operator.args={--deployment.feature.secured-containers}"
```