Add security context template at pod/container level for etcd chart

This change implements runAsUser flag at pod level and readOnly-fs flag at container level Change-Id: Idcb78a1125b51e3b2a71c8cab0e97246c3f1c5aa
2020-09-08 11:58:35 -05:00 · 2020-09-08 11:58:35 -05:00 · cb1bd3c6d7
commit cb1bd3c6d7
parent 094acf9c86
2 changed files with 10 additions and 0 deletions
--- a/etcd/templates/deployment.yaml
+++ b/etcd/templates/deployment.yaml
@ -40,6 +40,7 @@ spec:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
    spec:
+{{ dict "envAll" $envAll "application" "etcd" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
      serviceAccountName: {{ $rcControllerName | quote }}
      affinity:
 {{ tuple $envAll "etcd" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
@ -50,6 +51,7 @@ spec:
      containers:
        - name: etcd
 {{ tuple $envAll "etcd" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ dict "envAll" $envAll "application" "etcd" "container" "etcd" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          command:
            - /tmp/etcd.sh
          ports:
--- a/etcd/values.yaml
+++ b/etcd/values.yaml
@ -51,6 +51,14 @@ dependencies:
      jobs: null

 pod:
+  security_context:
+    etcd:
+      pod:
+        runAsUser: 65534
+      container:
+        etcd:
+          runAsUser: 0
+          readOnlyRootFilesystem: false
  affinity:
    anti:
      type: