Dear all, I have a question regarding setting the ...
# ask-the-community
v
Dear all, I have a question regarding setting the securityContext for flyte workloads - including the sidecar containers. One way of changing the securitycontext of the pod/containers is through defining a pod template in python:
pod_template_data_management = Pod(
pod_spec=V1PodSpec(
containers=[
V1Container(
name="primary",
# omitted for brevity
security_context = V1SecurityContext(
allow_privilege_escalation = False,
capabilities = V1Capabilities(
drop = ["SYS_PTRACE", "ALL"]
),
privileged = False,
run_as_non_root = True
),
),
],
security_context = V1PodSecurityContext(
run_as_non_root = True,
seccomp_profile = V1SeccompProfile(
type = "RuntimeDefault"
),
run_as_user = 1000
)
),
)
and then using it in a task definition like this:
download_data_from_minio = ContainerTask(
name="DownloadData",
image=myimage,
command=["python", "-m", "src.download_data"],
# omitted for brevity
pod_template=pod_template_data_management,
)