volcano-sh
/
dashboard
mirror of https://github.com/volcano-sh/dashboard.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add security context configuration 

Signed-off-by: jessestutler <chenzicong4@huawei.com>
Signed-off-by: RONAK <codeitronak226277@gmail.com>
This commit is contained in:
jessestutler 2025-04-29 14:29:24 +08:00 committed by RONAK
parent 3e76177d7f
commit 7f5ee5b211
3 changed files with 33 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
deployment/build/frontend/Dockerfile
View File

@ -16,6 +16,6 @@ COPY --from=builder /app/dist /usr/share/nginx/html
COPY frontend/nginx.conf /etc/nginx/nginx.conf
EXPOSE 80
EXPOSE 8080
CMD ["nginx", "-g", "daemon off;"]

33
deployment/volcano-dashboard.yaml
View File

@ -16,15 +16,32 @@ spec:
labels:
app: volcano-dashboard
spec:
securityContext:
seLinuxOptions:
level: s0:c123,c456
seccompProfile:
type: RuntimeDefault
serviceAccountName: volcano-dashboard
containers:
- image: volcanosh/vc-dashboard-frontend:latest
imagePullPolicy: Always
name: frontend
ports:
- containerPort: 80
- containerPort: 8080
name: frontend
protocol: TCP
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /var/cache/nginx
name: nginx-cache
- mountPath: /run
name: nginx-run
- image: volcanosh/vc-dashboard-backend:latest
imagePullPolicy: Always
name: backend
@ -32,6 +49,18 @@ spec:
- containerPort: 3001
name: backend
protocol: TCP
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsNonRoot: true
runAsUser: 1000
volumes:
- name: nginx-cache
emptyDir: {}
- name: nginx-run
emptyDir: {}
---
# volcano dashboard serviceAccount
@ -115,6 +144,6 @@ spec:
- name: frontend
port: 80
protocol: TCP
targetPort: 80
targetPort: 8080
selector:
app: volcano-dashboard

2
frontend/nginx.conf
View File

@ -3,7 +3,7 @@ events {}
http {
include mime.types;
server {
listen 80;
listen 8080;
server_name localhost;
location / {