Mini-mirror: Add pod/container security context

This updates the Mini-mirror chart to include the pod security context on the pod template Change-Id: Id987f3bb38e257c74db8254096743a61514f3397
2019-11-25 09:37:26 -06:00 · 2019-11-25 09:37:26 -06:00 · b4a8d1e9e8
parent b60acc3307
commit b4a8d1e9e8
2 changed files with 10 additions and 0 deletions
--- a/mini-mirror/templates/deployment-mini-mirror.yaml
+++ b/mini-mirror/templates/deployment-mini-mirror.yaml
@ -40,11 +40,13 @@ spec:
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
    spec:
+{{ dict "envAll" $envAll "application" "mini_mirror" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
      nodeSelector:
        {{ .Values.labels.server.node_selector_key }}: {{ .Values.labels.server.node_selector_value }}
      containers:
        - name: mini-mirror-api
 {{ tuple $envAll "mini-mirror" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ dict "envAll" $envAll "application" "mini_mirror" "container" "mini_mirror_api" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          ports:
            - name: api
              containerPort: {{ tuple "api" "port" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
--- a/mini-mirror/values.yaml
+++ b/mini-mirror/values.yaml
@ -71,6 +71,14 @@ pod:
    disruption_budget:
      api:
        min_available: 0
+  security_context:
+    mini_mirror:
+      pod:
+        runAsUser: 1000
+      container:
+        mini_mirror_api:
+          readOnlyRootFilesystem: true
+          allowPrivilegeEscalation: false
  resources:
    enabled: false
    api: