From 16b2c8dcc4b6fb3f2b9ed5a811ad8aaab0d6ad6d Mon Sep 17 00:00:00 2001
From: PrateekDodda <pd2839@att.com>
Date: Tue, 1 Sep 2020 10:04:47 -0500
Subject: [PATCH] Implement missing security context for nginx container

This change adds the security context template at the pod/container level.

Change-Id: I2fbff7b3325f4b6dd98d9299b0daf9e230ece9ae
---
 glance/templates/deployment-api.yaml | 1 +
 glance/values.yaml                   | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/glance/templates/deployment-api.yaml b/glance/templates/deployment-api.yaml
index 76c3054407..37bdd3ab8e 100644
--- a/glance/templates/deployment-api.yaml
+++ b/glance/templates/deployment-api.yaml
@@ -96,6 +96,7 @@ spec:
         - name: nginx
 {{ tuple $envAll "nginx" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.nginx | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "glance" "container" "nginx" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
           ports:
             - name: g-api
               containerPort: {{ tuple "image" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
diff --git a/glance/values.yaml b/glance/values.yaml
index f1999e878b..5d81d4522b 100644
--- a/glance/values.yaml
+++ b/glance/values.yaml
@@ -845,6 +845,9 @@ pod:
         glance_api:
           readOnlyRootFilesystem: true
           allowPrivilegeEscalation: false
+        nginx:
+          readOnlyRootFilesystem: false
+          runAsUser: 0
         glance_registry:
           readOnlyRootFilesystem: true
           allowPrivilegeEscalation: false
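Review bot: The new `nginx` entry runs the container as UID 0 with a writable root filesystem and, unlike the neighbouring `glance_api` and `glance_registry` entries, does not set `allowPrivilegeEscalation: false`, so Kubernetes will normally leave privilege escalation allowed for it. Adding `allowPrivilegeEscalation: false` under `nginx:` would keep the three containers consistent; it is unlikely to interfere with nginx, though that should be confirmed against the image in use. If root and a writable root filesystem are really required (the patch does not say why), a short comment above `runAsUser: 0` should record the reason, for example `# nginx runs as root with a writable rootfs because <reason>; revisit with an unprivileged image`. The enclosing `pod:` mapping starts and continues outside the hunk.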