Add allowPrivilegeEscalation key to deployment resource for container security_context #247

Closed
xflahertyx opened this issue Dec 6, 2018 · 1 comment · Fixed by #249

@xflahertyx

https://kubernetes.io/docs/concepts/policy/pod-security-policy/#privilege-escalation

Terraform Version

Terraform v0.11.10

  • provider.aws v1.35.0
  • provider.kubernetes v1.4.0

Affected Resource(s)

Please list the resources as a list, for example:

  • kubernetes_deployment

Terraform Configuration Files

resource "kubernetes_deployment" "processor" {
  metadata {
    name = "processor-${terraform.workspace}"
    namespace = "prod"
  }
  spec {
    replicas = 1
    selector {
      match_labels {
        app = "processor-${terraform.workspace}"
        environment = "${terraform.workspace}"
      }
    }
    template {
      metadata {
        labels {
          app = "processor-${terraform.workspace}"
          environment = "${terraform.workspace}"
        }
      }
      spec {
        security_context {
          fs_group = 10001
          run_as_non_root = true
          run_as_user = 10001
        }
        container {
          name = "processor-${terraform.workspace}"
          security_context {
            allow_privilege_escalation = false
            capabilities {
              drop = ["ALL"]
            }
            privileged = false
            run_as_non_root = true
            run_as_user = 10001
          }
          volume_mount {
            mount_path = "/tmp"
            name = "tmp"
          }
        }
        volume {
          name = "tmp"
          empty_dir = {}
        }
      }
    }
  }
}

Debug Output

Error: kubernetes_deployment.processor: spec.0.template.0.spec.0.container.0.security_context.0: invalid or unknown key: allow_privilege_escalation

Expected Behavior

The resource should have been created

Actual Behavior

Error

Steps to Reproduce

  1. terraform apply
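The point of the missing key is that `allowPrivilegeEscalation` is what turns on `no_new_privs` for the container process, and it defaults to true when the provider silently cannot set it. The following Python audit is an added example, not code from the issue or from the Terraform Kubernetes provider: it takes a hand-constructed Kubernetes Deployment manifest mirroring the `kubernetes_deployment` resource above (Kubernetes API field names rather than the provider's snake_case) and reports any container whose effective privilege-escalation setting is not the restrictive one, including the case where the field was dropped the way the provider version in the report would have dropped it. The forced-true rule for privileged containers and `CAP_SYS_ADMIN` follows the Kubernetes API documentation for the field.

```python
"""Audit a rendered Kubernetes Deployment for the privilege-escalation
settings the issue's Terraform config tries to express.

Added example, not code from the issue or the Terraform provider. The
manifest below is constructed by hand to mirror the kubernetes_deployment
resource in the report.
"""
import copy

# Constructed sample: what the Terraform resource above would produce once the
# provider supports allow_privilege_escalation.
SAMPLE_DEPLOYMENT = {
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {"name": "processor-prod", "namespace": "prod"},
    "spec": {
        "replicas": 1,
        "template": {
            "spec": {
                "securityContext": {"fsGroup": 10001, "runAsNonRoot": True, "runAsUser": 10001},
                "containers": [
                    {
                        "name": "processor-prod",
                        "securityContext": {
                            "allowPrivilegeEscalation": False,
                            "capabilities": {"drop": ["ALL"]},
                            "privileged": False,
                            "runAsNonRoot": True,
                            "runAsUser": 10001,
                        },
                    }
                ],
            }
        },
    },
}


def effective_allow_privilege_escalation(sc):
    """Return the value the kubelet actually applies for a container
    securityContext: the field defaults to true, and is forced to true for a
    privileged container or one that adds CAP_SYS_ADMIN, whatever the
    manifest says."""
    sc = sc or {}
    added_caps = (sc.get("capabilities") or {}).get("add") or []
    if sc.get("privileged") or "SYS_ADMIN" in added_caps or "CAP_SYS_ADMIN" in added_caps:
        return True
    return sc.get("allowPrivilegeEscalation", True)


def audit_deployment(deployment):
    """Return a list of (container_name, finding) tuples; an empty list means
    every container is pinned to the restrictive settings."""
    findings = []
    pod_spec = deployment["spec"]["template"]["spec"]
    for c in pod_spec.get("containers", []) + pod_spec.get("initContainers", []):
        sc = c.get("securityContext") or {}
        name = c["name"]
        if "allowPrivilegeEscalation" not in sc:
            findings.append((name, "allowPrivilegeEscalation not set (defaults to true)"))
        if effective_allow_privilege_escalation(sc):
            findings.append((name, "privilege escalation is allowed"))
        if sc.get("privileged"):
            findings.append((name, "container is privileged"))
        if "ALL" not in ((sc.get("capabilities") or {}).get("drop") or []):
            findings.append((name, "capabilities.drop does not include ALL"))
    return findings


def without_field(deployment, field="allowPrivilegeEscalation"):
    """Copy of the deployment with one container securityContext field
    removed, i.e. what a provider that cannot set the field would produce."""
    d = copy.deepcopy(deployment)
    for c in d["spec"]["template"]["spec"]["containers"]:
        c.get("securityContext", {}).pop(field, None)
    return d


if __name__ == "__main__":
    for label, dep in (("as intended", SAMPLE_DEPLOYMENT),
                       ("field dropped", without_field(SAMPLE_DEPLOYMENT))):
        print(label, audit_deployment(dep) or "OK")
```

Running the audit on the manifest as intended reports nothing; on the copy with `allowPrivilegeEscalation` removed it reports both the missing field and the resulting effective "allowed" state, which is the gap a provider that rejects the key leaves open even when `privileged = false` and `drop = ["ALL"]` are set.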
@pdecat
Contributor

pdecat commented Dec 7, 2018

Need that too, I'm working on a PR right now.
