Implement helm-toolkit snippet to armada test pods/containers
This updates the armada chart to include the pod security context on the pod template. This also adds the container security context to set readOnlyRootFilesystem flag to true Change-Id: Ie19852e6a87c15a93caca8915ba92d51c47ec04b
This commit is contained in:
parent
70dfcae20a
commit
d31aefb76c
@ -30,6 +30,7 @@ metadata:
|
||||
labels:
|
||||
{{ tuple $envAll "armada" "api-test" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
||||
spec:
|
||||
{{ dict "envAll" $envAll "application" "api_test" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }}
|
||||
restartPolicy: Never
|
||||
nodeSelector:
|
||||
{{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }}
|
||||
@ -41,6 +42,7 @@ spec:
|
||||
image: {{ .Values.images.tags.api }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple . .Values.pod.resources.test.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
|
||||
{{ dict "envAll" $envAll "application" "api_test" "container" "armada_api_test" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 6 }}
|
||||
command: ["/bin/bash", "-c", "curl -v -X GET --fail ${ARMADA_URL}/api/v1.0/health; exit $?"]
|
||||
...
|
||||
{{- end }}
|
||||
|
@ -279,6 +279,13 @@ pod:
|
||||
runAsUser: 65534
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
api_test:
|
||||
pod:
|
||||
runAsUser: 1000
|
||||
container:
|
||||
armada_api_test:
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
env:
|
||||
# NOTE(@drewwalters96): These configuration values change the Armada API's
|
||||
# uWSGI configuration.
|
||||
|
Loading…
Reference in New Issue
Block a user