UPDATE - user hostPath vol for traefik log

playbooks/templates/values.yml.j2

@@ -58,7 +58,7 @@ deployment:
   #   image: busybox:latest
   #   command: [ "/bin/sh", "-c", "touch /var/log/traefik/acccess.log; touch /var/log/traefik/traefik.log; chown -R 65534:65534 /var/log/traefik" ]
   #   volumeMounts:
-  #   - name: traefik-logs-vol
+  #   - name: traefik-logs
   #     mountPath: /var/log/traefik
   #   securityContext:
   #     runAsGroup: 65532
@@ -67,10 +67,13 @@ deployment:
 
   # Additional volumes to use with  [ initContainers and additionalContainers ]
   additionalVolumes:
+    - name: traefik-logs
+      emptyDir: {}
     - name: filebeat-configmap
-      - name: traefik-logs-vol
-        mountPath: /var/log/traefik
 
+additionalVolumeMounts:
+  - name: traefik-logs
+    mountPath: /var/log/traefik
     
 # Add traefik-logs-vol volume to the [ traefik pod ]
 # volumes:
@@ -122,24 +125,24 @@ ports:
 # The attack surface can further limited with "seccomp" which is stable since
 # Kubernetes v1.19 and allows to limit system calls to a bare minimum. See:
 # https://kubernetes.io/docs/tutorials/clusters/seccomp/"
-securityContext:
-  capabilities:
-    drop:
-      - ALL
-  readOnlyRootFilesystem: true
-  runAsGroup: 65532
-  runAsNonRoot: true
-  runAsUser: 65532
-
 # securityContext:
 #   capabilities:
-#     add:
+#     drop:
 #       - ALL
-#   readOnlyRootFilesystem: false
+#   readOnlyRootFilesystem: true
 #   runAsGroup: 65532
-#   runAsNonRoot: false
+#   runAsNonRoot: true
 #   runAsUser: 65532
 
+securityContext:
+  capabilities:
+    add:
+      - ALL
+  readOnlyRootFilesystem: false
+  runAsGroup: 65532
+  runAsNonRoot: false
+  runAsUser: 65532
+
 # All processes of the container are also part of this supplementary group ID.
 podSecurityContext:
   fsGroup: 65532