
Merge "Drydock: Add pod/container security context"

Zuul 2 weeks ago
parent
commit
3b2388e20c
2 changed files with 10 additions and 0 deletions
  1. 2
    0
      charts/drydock/templates/deployment.yaml
  2. 8
    0
      charts/drydock/values.yaml

+ 2
- 0
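--- a/charts/drydock/templates/deployment.yaml
+++ b/charts/drydock/templates/deployment.yaml
@@ -35,6 +35,7 @@ spec:
         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
         configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
     spec:
+{{ dict "envAll" $envAll "application" "drydock" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
       nodeSelector:
         {{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value | quote }}
       serviceAccountName: {{ $serviceAccountName }}
@@ -48,6 +49,7 @@ spec:
           image: {{ .Values.images.tags.drydock }}
           imagePullPolicy: {{ .Values.images.pull_policy }}
 {{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "drydock" "container" "drydock_api" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
           env:
             - name: 'MAAS_API_KEY'
               valueFrom: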
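Review bot: The container-level include in the second hunk is keyed to `drydock_api` only, so `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true` would not reach any init container or sidecar this pod template defines outside the visible hunks, while the pod-level `runAsUser` from the first hunk applies to every container in the pod. It is worth checking the rest of the template for containers that either need their own `kubernetes_container_security_context` include or that fail when started as UID 65534. Neither include says where its settings come from; a template comment such as `{{/* values: .Values.pod.security_context.drydock */}}` above the pod-level line would point operators to the override location. Both `spec:` blocks start and end outside the hunks.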

+ 8
- 0
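--- a/charts/drydock/values.yaml
+++ b/charts/drydock/values.yaml
@@ -55,6 +55,14 @@ network:
         nginx.ingress.kubernetes.io/rewrite-target: /
 
 pod:
+  security_context:
+    drydock:
+      pod:
+        runAsUser: 65534
+      container:
+        drydock_api:
+          allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
   lifecycle:
     upgrades:
       deployments: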
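Review bot: `readOnlyRootFilesystem: true` becomes the default for `drydock_api` here, yet neither file section visibly adds a writable volume, so any path the API process writes at runtime (temporary files, caches, sockets) would fail unless the deployment already mounts an `emptyDir` for it outside the hunks; this should be confirmed on a rendered, running pod. The new keys carry no comments; `# 65534 is the conventional "nobody" UID; the image must be runnable as an unprivileged user` above `runAsUser` would tell operators what an override has to satisfy. If the helm-toolkit snippet passes additional keys through, which the page does not show, `runAsNonRoot: true` under `pod:` would make the kubelet refuse to start a container as UID 0 should `runAsUser` later be overridden or removed.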
