Configuring Security Context for the connectware-agent Helm Chart
Configuring Security Context
Connectware agents installed using the connectware-agent Helm chart let you change the security context of the containers they run by defining the securityContext and podSecurityContext sections inside the agent's entry in the protocolMapperAgents context of your values.yaml file.
Note that the security context required by the agent depends on the installed services, so verify that any modification works with your use case.
Example
protocolMapperAgents:
  - name: bender-robots
    connectwareHost: connectware.cybus # adjust to actual hostname of Connectware
    podSecurityContext:
      runAsUser: 1000
      runAsGroup: 1000
The difference between securityContext and podSecurityContext is that securityContext puts restrictions on the container, while podSecurityContext puts restrictions on the pod. While this may seem pointless with the agent's single container inside its pod, it does play a role when, for example, attaching an ephemeral container to the pod.
Unsetting Security Context
If you set a securityContext or podSecurityContext in the protocolMapperAgentDefaults section of your values.yaml file, you can unset them for individual agents by setting the value of securityContext or podSecurityContext to {} inside the agent's entry in the protocolMapperAgents context of your values.yaml.
Example:
protocolMapperAgentDefaults:
  connectwareHost: connectware.cybus # adjust to actual hostname of Connectware
  podSecurityContext:
    runAsUser: 1000
    runAsGroup: 1000
protocolMapperAgents:
  - name: bender-robots # this agent will run as user & group 1000
  - name: welder-robots # this agent will not run as user & group 1000
    podSecurityContext: {}
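When reviewing a values.yaml, it helps to list which agents opt out of a default security context with {}. The following Python script is an added example, not part of the chart or its documentation: it works on values already parsed into Python objects, the sample data is constructed from the example above, and the status labels are names chosen for this example.

```python
# Added example: classify how each agent relates to the chart-wide defaults.
CONTEXT_KEYS = ("securityContext", "podSecurityContext")

# Constructed sample mirroring the values.yaml example on this page, as it
# would look after being loaded by a YAML parser of your choice.
SAMPLE_VALUES = {
    "protocolMapperAgentDefaults": {
        "connectwareHost": "connectware.cybus",
        "podSecurityContext": {"runAsUser": 1000, "runAsGroup": 1000},
    },
    "protocolMapperAgents": [
        {"name": "bender-robots"},
        {"name": "welder-robots", "podSecurityContext": {}},
    ],
}


def classify(values):
    """Return {agent_name: {key: status}} for both security context keys."""
    defaults = values.get("protocolMapperAgentDefaults") or {}
    report = {}
    for agent in values.get("protocolMapperAgents") or []:
        statuses = {}
        for key in CONTEXT_KEYS:
            has_default = bool(defaults.get(key))
            if key not in agent:
                statuses[key] = "inherits-default" if has_default else "not-set"
            elif agent[key] == {}:
                # An explicit {} is how this page says a default is unset.
                statuses[key] = "unset-default" if has_default else "empty"
            else:
                statuses[key] = "agent-specific"
        report[agent.get("name", "<unnamed>")] = statuses
    return report


def opted_out(values):
    """Names of agents that explicitly unset a default with {}."""
    return sorted(
        name for name, statuses in classify(values).items()
        if "unset-default" in statuses.values()
    )


if __name__ == "__main__":
    for name, statuses in classify(SAMPLE_VALUES).items():
        print(name, statuses)
    print("opted out of defaults:", opted_out(SAMPLE_VALUES))
```

The script only reports what the values file declares; confirm the resulting pod specification against your cluster before relying on it.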