[tyk-bootstrap] [pre-install-job] containerSecurityContext #402
Description
Hello,
It seems there is an error in the values configuration of the pre-install-bootstrap job. When I try to run kubeconform on the generated manifest I have this error:
Job bootstrap-pre-install-tyk-tyk-bootstrap is invalid: problem validating schema. Check JSON formatting: jsonschema: '/spec/template/spec/containers/0/securityContext' does not validate with https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master-standalone-strict/job-batch-v1.json#/properties/spec/properties/template/properties/spec/properties/containers/items/properties/securityContext/additionalProperties: additionalProperties 'fsGroup' not allowed
This, is the default values:
tyk-bootstrap:
bootstrap:
devPortal: false
dashboard: false
containerSecurityContext:
fsGroup: 1000
runAsNonRoot: true
runAsUser: 1001
allowPrivilegeEscalation: false
privileged: false
readOnlyRootFilesystem: true
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
According the kubernetes API reference it's not possible to set fsGroup at the container level, it should be at the pod level:
- Pod Level Api ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/?source=post_page-----4ca682670f7b---------------------------------------#podsecuritycontext-v1-core
- Container Level Api ref : https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/?source=post_page-----4ca682670f7b---------------------------------------#securitycontext-v1-core
Version of the helm stack: 3.0.0